The role is responsible for managing and overseeing the organization’s information security risk management framework. This position ensures that security risks are identified, assessed, mitigated, and reported in alignment with regulatory requirements, business objectives, and industry best practices. Additionally, it supports incident management, policy development, and compliance initiatives to strengthen the organization’s security posture.
Ready to apply for roles like this?
Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.
Unlock employer & apply directly
Responsibilities
- Effectively communicate cybersecurity risks and posture to senior management.
- Develop security risk profiles of computer systems by assessing threats to and vulnerabilities of those systems.
- Develop risk mitigation strategies to effectively manage risk in accordance with organizational risk appetite.
- Develop specific cybersecurity countermeasures and risk mitigation strategies.
- Perform risk analysis whenever an application or system undergoes a major change.
- Ensure that cybersecurity risks are identified and managed appropriately through the organization's risk governance process.
- Carry out a cybersecurity risk assessment.
- Work with others to implement and maintain a cybersecurity risk management program.
- Establish a risk management strategy for the organization that includes a determination of risk tolerance.
- Develop methods to effectively monitor and measure risk, compliance, and assurance efforts.
- Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, and reporting within departmental activities and operations.
Qualifications
- A tertiary level qualification from a recognized institution.
- Industry-recognized certifications in CISSP, CISM, CISA, CRISC, or ISO 27001 or other relevant certifications preferred.
- Recommended 5 to 7 years of equivalent experience in Enterprise and Information Risk Management, IT industry standards, and compliance.
- Strong knowledge and understanding of regulatory compliance requirements, internal audit concepts, standards, and processes.
- Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude.
- Demonstrable experience of information risk management techniques, frameworks, and practices.
