Qureos

Cybersecurity Risk Management Specialist

Location: Riyadh, KSA

Experience: 3-7 Yrs

Skills: NCA Essential Cybersecurity Controls (ECC), ISO 27001 / ISO 27005, NIST Cybersecurity Framework, NIST SP 800-30 / 800-37, GRC Certifications

Only immediate joiners, or candidates with a notice period of no longer than 30 days.

Job Description
  • Conduct cybersecurity risk assessments for systems, networks, cloud environments, and business processes.
  • Identify threats, vulnerabilities, and potential business impacts.
  • Develop risk scenarios and evaluate likelihood and impact using recognized methodologies.
  • Maintain and update the enterprise-wide risk register.
  • Develop and implement risk treatment plans and mitigation strategies.
  • Track the status of risk remediation and ensure timely completion.
  • Align all cybersecurity risk activities with regulatory frameworks such as NCA ECC, ISO 27001/27005, and NIST RMF.
  • Support internal and external audit processes and ensure compliance with security standards.
  • Create policies, standards, and procedures related to cybersecurity risk management.
  • Work closely with IT, cybersecurity, and business units to identify and manage risks.
  • Conduct risk workshops and awareness sessions for stakeholders.
  • Communicate risk updates, findings, and recommendations to senior management.
  • Monitor emerging threats, vulnerabilities, and regulatory changes.
  • Update risk evaluation methodologies to reflect evolving threats.
  • Assess third-party/vendor risks and ensure compliance with security requirements.
Skills and Experience
  • Experience in cybersecurity risk management, GRC, or information security governance.
  • Strong understanding of frameworks and standards such as:
      • NCA Essential Cybersecurity Controls (ECC)
      • ISO 27001 / ISO 27005
      • NIST Cybersecurity Framework
      • NIST SP 800-30 / 800-37
  • Experience with risk assessment tools, threat modeling, and business impact analysis (BIA).
  • Excellent analytical, documentation, and communication skills.
Professional Certifications (Preferred)
  • CRISC - Certified in Risk and Information Systems Control
  • CISM - Certified Information Security Manager
  • CISSP - (for broader security governance knowledge)
Digital Forensics & Incident Response (Optional but Valuable)
  • GIAC 608 - GIAC Intermediate Forensic Analyst
  • GCFA - GIAC Certified Forensic Analyst
  • GCFE - GIAC Certified Forensic Examiner

If you are interested in this opportunity, please send your resume and ensure the position name is included in the subject line.
