Cybersecurity, BCM & Audit Manager

Role overview

An organization in the financial services sector is looking for an IT, Cybersecurity, and Business Continuity Audit Manager to oversee risk-focused internal audit work and deliver independent assurance on technology controls, security maturity, resilience, and compliance obligations.

Key responsibilities

• Own the planning, delivery, and reporting of internal audit reviews across IT, cybersecurity, and business continuity areas.
• Build and keep current a risk-driven annual audit roadmap covering IT governance, infrastructure, cybersecurity, disaster recovery, and BCM.
• Perform audits and assessments against applicable regulations and standards, including SAMA cybersecurity requirements, NCA controls, and widely used frameworks such as ISO 27001, ISO 22301, COBIT, and ITIL.
• Review IT general controls, application controls, third-party technology risks, data governance practices, and cloud security arrangements.
• Test the strength of business continuity and disaster recovery arrangements, including how often they are tested and what the results show.
• Spot weaknesses in control design and in how effectively controls operate across IT and resilience processes.
• Provide independent assurance and advisory input to management on IT initiatives, system rollouts, and cybersecurity programs.
• Track audit report issuance on time and monitor open observations, corrective actions, and closure status.
• Guide, coach, and develop junior audit team members supporting IT audit and cybersecurity work.
• Work closely with other internal audit managers to align coverage and maintain consistency with the overall audit plan.
• Act as the Internal Audit point of contact with management, regulators, and external assessors on technology-related audit topics.
• Assist leadership with updates and reporting for senior management and the Audit Committee.

Requirements

• A bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a closely related discipline; a master’s degree is preferred.
• At least 6 years of relevant experience, including exposure to managerial responsibilities.
• A mandatory professional certification such as CISA, or an equivalent credential like CISSP, CISM, CRISC, ISO 27001 Lead Auditor, or ISO 22301.
• Strong analytical ability, sound professional judgment, and a consistently high ethical standard.
• Excellent written and spoken English communication skills; Arabic language ability is an advantage.
• Hands-on experience with data analytics tools such as ACL, IDEA, or Power BI, and familiarity with ERM is a plus.
• Solid understanding of financial-sector regulatory expectations, especially SAMA and the National Cybersecurity Authority (NCA).
• Preferred background in auditing ERP platforms, cloud environments, and IT infrastructure within regulated organizations.

Additional information

This role is based in Riyadh, Saudi Arabia, and is a full-time onsite position. The source listing did not specify salary, perks, eligibility restrictions, vacancy count, or start date.