Cybersecurity Risk Manager

The Cybersecurity Risk Manager is responsible for identifying, assessing, and mitigating risks related to cybersecurity within the organization. This role involves developing risk management strategies, ensuring compliance with regulatory requirements, and collaborating with various departments to implement cybersecurity controls and processes.

Key Responsibilities:

• Risk Identification and Assessment: Conduct regular cybersecurity risk assessments to identify potential threats, vulnerabilities, and impacts on the organization’s information assets. Develop and maintain a comprehensive risk register, documenting identified risks, mitigation strategies, and status.
• Risk Mitigation and Control Implementation: Design and implement risk mitigation strategies, including technical controls, policies, and procedures to address identified risks. Work with IT and other business units to ensure appropriate cybersecurity measures are in place and effective.
• Compliance and Regulatory Requirements: Ensure compliance with applicable cybersecurity regulations, standards, and frameworks (e.g., NIST, ISO 27001, NCA, GDPR). Liaise with regulatory bodies, auditors, and internal stakeholders to ensure adherence to cybersecurity and data protection requirements.
• Incident Response and Management: Develop and maintain incident response plans to address and manage cybersecurity incidents. Coordinate with the Security Operations Center (SOC) during security incidents to ensure timely and effective response.
• Reporting and Documentation: Prepare and present cybersecurity risk reports to senior management, highlighting key risks, mitigation status, and areas needing attention. Document all risk management activities, including assessments, controls, and incidents.
• Training and Awareness: Conduct training sessions and awareness programs to educate employees on cybersecurity risks and best practices. Foster a risk-aware culture within the organization.
• Continuous Improvement: Regularly review and update risk management processes, policies, and controls to adapt to new threats and changes in the regulatory landscape. Stay updated with industry trends, emerging threats, and advancements in cybersecurity technology.

Requirements:

• Qualifications:

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (Master’s degree preferred).
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable.
  • Minimum of 5-7 years of experience in cybersecurity, with at least 3 years in a risk management role.

• Skills and Competencies:

  • Strong knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST, ISO 27001, COBIT).
  • Experience in conducting risk assessments, developing mitigation strategies, and implementing cybersecurity controls.
  • Excellent communication and presentation skills, with the ability to convey complex technical information to non-technical stakeholders.
  • Strong analytical and problem-solving skills, with a keen eye for detail.
  • Ability to work independently and manage multiple tasks in a fast-paced environment.
  • Experience working in regulated industries (e.g., energy, finance, healthcare) is an advantage.

Location: Riyadh, Saudi Arabia
Work Conditions: On-site, Full-time
Language Requirement: Arabic