Penetration Testing & Vulnerability Management Section Manager

Date: 6 Oct 2025

Location: Riyadh, Riyadh, SA, Riyadh

Company: Zakat, Tax and Customs Authority

Job Objective

The Penetration Testing & Vulnerability Management Section Manager is responsible for evaluation and testing to identify weak points, analyze results, and ensure proper communication to confirm effective corrective measures are taken in a timely manner.
This includes supervising penetration testing activities, following up on recommendations, and ensuring the implementation of corrective actions. Additionally, the Section Manager is responsible for preparing and developing penetration testing policies and updating them in cooperation with the cybersecurity team to ensure alignment with international standards and security requirements.
The Section Manager also ensures that recommendations and reports submitted to different departments are followed up, and that international best practices are applied in the field of penetration testing and vulnerability management.

Roles and Responsibilities

  • Share requirements and needs to develop the information and cybersecurity action plan, and ensure alignment with the Authority's strategy
  • Develop the operational plan of the Vulnerability Management and Testing Department and align it with the Information and Cyber Security Action Plan and the Strategic Plan for Analysis and Risk
  • Implement plans and provide the necessary inputs to be able to achieve the objectives of the Gap Management and Testing Department, which supports the overall strategic objectives of the Authority.
  • Discuss the budget requirements of the Division Management and Testing Gaps with senior management and provide input related to the budgeting process.
  • Ensure optimal use of the Vulnerability Management and Testing Department's budget and provide an accurate report on progress and challenges encountered
  • Validate initiatives and propose the implementation of those that achieve positive financial results for the Vulnerability Management and Testing Department and mitigate financial and operational risks.
  • Lead the assessment of cybersecurity software to detect vulnerabilities and ensure proper communication to secure an effective and timely solution
  • Monitor penetration testing activities to discover results and ensure proper communication to secure an effective and timely solution
  • Oversee the implementation of the reform plan to identify discovered issues and ensure proper assessment of the current technology infrastructure
  • Develop and update penetration testing and vulnerability management policies and procedures in collaboration with the cybersecurity team and relevant departments.
  • Manage sophisticated tools and techniques to detect and exploit vulnerabilities in the IT system from the attacker's point of view.
  • Manage and supervise penetration testing activities to assess security effectiveness
  • Document, categorize, and report on penetration test results, identified gaps, actions taken, potential impacts, and corrective and preventive actions, and make recommendations.
  • Apply international best practices and standards in the field of penetration testing and vulnerability management.
  • Assess, classify, and approve change requests received from different departments and ensure that they comply with security standards and requirements.
  • Identify and allocate resources, timelines, and responsibilities to implement changes in an orderly and effective manner.
  • Monitor and track the status of changes and resolve issues and risks that may occur during the change process.
  • Participate in the identification and recruitment of key talent
  • Guide and support direct reports in carrying out tasks according to defined processes and policies
  • Develop individual performance goals, provide support, evaluate the team, and provide feedback on performance on an ongoing basis
  • Create a high-performance work environment and promote the values of the Authority

Qualifications and Job Requirements

  • 6 years of optimal industry experience (required).
  • A bachelor's degree in computer science or cybersecurity, or equivalent, is required.
  • A Master's degree in Cybersecurity, or equivalent, is preferred.
  • Professional certifications in cybersecurity (preferred).