Risk Management Specialist

We are seeking an experienced Cybersecurity Risk Management Specialist to join our team in Riyadh. The role focuses on identifying, assessing, and managing cybersecurity risks across enterprise environments, ensuring compliance with Saudi regulatory requirements and international standards. The successful candidate will play a key role in strengthening the organization’s cybersecurity posture by aligning risk management practices with NCA ECC
, ISO
/
IEC 27005
, and ISO 22301 frameworks.

• Perform enterprise-wide cybersecurity risk assessments in alignment with ISO/IEC 27005 and applicable Saudi regulatory frameworks.
• Establish, maintain, and govern organizational risk registers
  , including risk scoring, ownership, treatment plans, and acceptance criteria.
• Manage and oversee Vulnerability Assessment and Penetration Testing (VA/PT) activities, ensuring findings are prioritized, tracked, and remediated.
• Review and assess network, infrastructure, application, cloud, and endpoint security architectures to identify systemic risks and control gaps.
• Design and monitor risk treatment and remediation plans
  , including dashboards and KPIs for management visibility.
• Support audit readiness and regulatory compliance activities
  , including NCA, SAMA, and internal/external audits.
• Translate technical vulnerabilities and threats into business impact and regulatory risk
  .
• Prepare and deliver executive-level cybersecurity risk posture reports aligned with NCA ECC domains.
• Collaborate with IT, SOC, infrastructure, and application teams to improve control design and security effectiveness.
• Support business continuity, resilience, and disaster recovery initiatives in line with ISO 22301.
• Contribute to continuous improvement of cybersecurity governance, policies, and procedures.

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related discipline
  .
• Minimum 5 years of hands‑on experience in cybersecurity risk management, governance, or compliance.
• Mandatory certifications:
• Certified Ethical Hacker (CEH v12)
• CompTIA Security+
• Strong working knowledge of:
• NCA Essential Cybersecurity Controls (ECC)
• ISO/IEC 27001 & 27005
• Business Continuity & Resilience frameworks

• Strong expertise in risk assessment methodologies
  , threat modeling, and control evaluation.
• Solid understanding of enterprise security architecture (network, application, cloud, and endpoint).
• Experience with risk treatment planning, remediation tracking, and reporting dashboards
  .
• Ability to communicate complex technical risks in business and regulatory language
  .
• Excellent documentation, reporting, and stakeholder engagement skills.
• Strong analytical and problem‑solving abilities.
• Led multiple cybersecurity risk assessments and vulnerability management programs
  , mapping findings to business impact and regulatory requirements.
• Designed and implemented risk treatment plans and remediation dashboards
  .
• Conducted security architecture reviews for critical and regulated systems
  .
• Delivered quarterly cybersecurity risk posture reports aligned with NCA ECC domains.