Cybersecurity Risk Lead

Riyadh, Saudi Arabia. Posted: 08 Dec 2025

Financial

  • Estimate: $85k - $110k*
  • Zero income tax location

Accessibility

  • Apply from abroad
  • Visa Provided

Requirements

  • Experience: Senior
  • English: Professional

Position

The Cybersecurity Risk Lead's primary function is to develop and govern the overarching risk management methodology used to systematically identify, assess, and prioritize cybersecurity threats, vulnerabilities, and potential business impacts. This includes maintaining a corporate risk register, defining the acceptable risk appetite with senior leadership, and monitoring the effectiveness of security controls against compliance frameworks (like CSF or NCA). It also includes translating complex technical risk scenarios into clear, actionable business language for executive reporting and resource allocation, to ensure risk mitigation aligns with organizational objectives and regulatory requirements.

Tasks & Responsibilities:

  • Lead the company's cyber risk management program aligned to SAMA CSF and NCA ECC-2.
  • Own risk assessments, control testing, risk registers, and treatment plans across tech, product, cloud, and third parties.
  • Define cyber risk appetite, KRIs/KPIs, and executive dashboards (residual risk, control maturity, audit findings).
  • Support regulatory exams, internal/external audits, and policy/standard lifecycle.
  • Oversee third-party cyber risk for vendors, PSPs, and critical fintech partners.

Qualifications:

  • Bachelor’s in Cybersecurity, IT, Business, or related field.
  • 8–12+ years in cyber GRC/risk; financial-sector exposure preferred.
  • Strong grasp of risk frameworks (ISO 27001, NIST CSF/800-53) and mapping to SAMA/NCA controls.
  • Excellent audit, documentation, and stakeholder skills.
  • Certs preferred: CISSP-ISSMP, CISM, CRISC, ISO 27001 LA/LI.