hirist

Vendor Management Specialist - Cybersecurity

Nazztec Private Limited
Saudi Arabia
5 - 10 Years
4.3 (2+ Reviews)

Posted on: 13/10/2025

Job Description

Job Title : Vendor Management Specialist - Cybersecurity



Location : Riyadh, Saudi Arabia

Client Domain : Banking / Financial Services / Government Sector

Experience Required : 5 to 10 Years (KSA experience preferred)

Payroll Company : NAZZTEC

Notice Period : Immediate Joiners Preferred

Work Timings, Days & Holiday Calendar : As per KSA regulations

Role Overview

We are seeking an experienced Vendor Management Specialist - Cybersecurity to join our client's dynamic cybersecurity governance environment in Riyadh, Saudi Arabia.

This role is responsible for managing, evaluating, and monitoring external cybersecurity vendors and service providers to ensure full compliance with the organization's governance framework and regulatory requirements.

The ideal candidate will have hands-on experience in Third-Party Risk Management (TPRM), contract governance, cybersecurity due diligence, and vendor audits within the banking or government sectors.

Professionals familiar with SAMA TPRM, NCA ECC, ISO 27001, and CITC/NCA compliance programs will be



Roles and Responsibilities :



- Oversee the onboarding, performance, and governance of cybersecurity vendors, consultants, and service providers.

- Ensure all vendor engagements comply with SAMA TPRM, NCA ECC, and ISO 27001 standards.

- Conduct vendor due diligence, security assessments, and ensure cybersecurity clauses are included in contracts, NDAs, and SLAs.

- Review and validate vendor SLAs, OLAs, and deliverables against defined KPIs and risk benchmarks.

- Coordinate vendor audits, site inspections, and control assessments to ensure compliance with regulatory and internal standards.

- Maintain and regularly update a centralized vendor risk register, capturing risk levels, remediation status, and escalation actions.

- Collaborate with Procurement, Risk, Compliance, and IT Governance teams for renewals, performance reviews, and reporting.

- Manage cybersecurity incidents related to vendor-managed systems and participate in coordinated incident response.

- Report vendor compliance performance and risk metrics to CISO, Risk Committees, and Regulatory Bodies (SAMA, NCA) as required.

- Support the creation and continuous improvement of Third-Party Cybersecurity Policies, procedures, and frameworks.

- Contribute to national or government-level cybersecurity initiatives as part of multi-entity coordination.



Technical & Professional Skills :



- 5 to 10 years of experience managing cybersecurity or IT vendors in the banking, financial, or government sector.

- Strong understanding of SAMA TPRM, NCA ECC, ISO 27001, and cybersecurity risk management frameworks.

- Proven experience in vendor governance, contract risk evaluation, and third-party due diligence.

- Excellent grasp of contract management, SLAs, KPIs, and regulatory reporting standards.

- Experience supporting compliance audits and cybersecurity assessments involving third-party systems.

- Strong coordination skills across governance, procurement, and risk management functions.

- Excellent communication and negotiation skills with both internal and external stakeholders.

- Experience working within the Kingdom of Saudi Arabia (KSA) is highly preferred.



Preferred Certifications :



- CISM (Certified Information Security Manager)

- CRISC (Certified in Risk and Information Systems Control)

- CISSP (Certified Information Systems Security Professional)

- ISO 27036 Lead Implementer / Lead Auditor

- ITIL Supplier Management Certification

- SAMA or NCA Cybersecurity Awareness Certification (desirable)



Personal Attributes :



- Self-driven, structured, and detail-oriented professional with a strong ownership mindset.

- Exceptional interpersonal and stakeholder management abilities.

- Strong analytical and reporting skills with regulatory awareness.

- Immediate availability preferred.

- Willingness to work onsite in Riyadh, Saudi Arabia.

