diff --git a/.github/workflows/cd-to-prod-on-workflow-dispatch.yml b/.github/workflows/cd-to-prod-on-workflow-dispatch.yml
index fca0f80c9..a664f5a68 100644
--- a/.github/workflows/cd-to-prod-on-workflow-dispatch.yml
+++ b/.github/workflows/cd-to-prod-on-workflow-dispatch.yml
@@ -39,3 +39,15 @@ jobs:
       frontend-url: https://paytransparency.fin.gov.bc.ca
       semver: ${{ github.event.inputs.tag }}
       values: "values-prod.yaml"
+  zap:
+    name: ZAP Scan
+    needs: [deploys]
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Penetration Test
+        uses: zaproxy/action-full-scan@v0.10.0
+        with:
+          target: https://paytransparency.fin.gov.bc.ca
+          cmd_options: "-a"
+          fail_action: false
+          allow_issue_writing: false
diff --git a/.github/workflows/cd-to-test-on-workflow-dispatch.yml b/.github/workflows/cd-to-test-on-workflow-dispatch.yml
index 2944efca9..eb477f188 100644
--- a/.github/workflows/cd-to-test-on-workflow-dispatch.yml
+++ b/.github/workflows/cd-to-test-on-workflow-dispatch.yml
@@ -57,15 +57,4 @@ jobs:
     with:
       backend-external-url: https://pay-transparency-test-backend-external.apps.silver.devops.gov.bc.ca/api
       environment: test
-  zap:
-    name: ZAP Scan
-    needs: [deploys]
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Penetration Test
-        uses: zaproxy/action-full-scan@v0.10.0
-        with:
-          target: https://test.paytransparency.fin.gov.bc.ca
-          cmd_options: "-a"
-          fail_action: false
-          allow_issue_writing: false
+
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
index d1b823f45..8aa17b61c 100644
--- a/.github/workflows/merge.yml
+++ b/.github/workflows/merge.yml
@@ -126,15 +126,4 @@ jobs:
     with:
       backend-external-url: https://pay-transparency-dev-backend-external.apps.silver.devops.gov.bc.ca/api
       
-  zap:
-    name: ZAP Scan
-    needs: [deploys]
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Penetration Test
-        uses: zaproxy/action-full-scan@v0.10.0
-        with:
-          target: https://dev.paytransparency.fin.gov.bc.ca
-          cmd_options: "-a"
-          fail_action: false
-          allow_issue_writing: false
+
diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
new file mode 100644
index 000000000..352aaa955
--- /dev/null
+++ b/.github/workflows/scheduled.yml
@@ -0,0 +1,21 @@
+name: Scheduled Jobs
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 11 * * 6' # 3 AM PST = 12 PM UDT, Saturdays
+
+jobs:
+
+  zap:
+    name: ZAP Scan
+    needs: [deploys]
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Penetration Test
+        uses: zaproxy/action-full-scan@v0.10.0
+        with:
+          target: https://paytransparency.fin.gov.bc.ca
+          cmd_options: "-a"
+          fail_action: false
+          allow_issue_writing: false