Job Description
*Job Summary:*
We are seeking a highly experienced Cybersecurity Risk Assessment Expert to lead enterprise-wide risk assessments, develop risk mitigation strategies, and ensure alignment with leading risk management frameworks such as *NIST RMF* and *ISO 27005*. The ideal candidate will bring *10+ years of experience* in cybersecurity risk analysis and governance, with deep understanding of the evolving threat landscape and regulatory environment in *Saudi Arabia*.
*Key Responsibilities:*
* *Enterprise Risk Assessments:*
Conduct detailed cybersecurity risk assessments across IT and OT environments. Identify vulnerabilities, threats, and control weaknesses.
* *Framework Alignment:*
Implement and maintain cybersecurity risk management programs based on *NIST Risk Management Framework*, *ISO 31000*, and *ISO/IEC 27005* standards.
* *Risk Treatment Planning:*
Develop risk treatment plans and recommend appropriate controls to reduce residual risk to acceptable levels.
* *Regulatory Compliance:*
Ensure compliance with *Saudi Arabian cybersecurity regulations*, including NCA Essential Cybersecurity Controls (ECC), PDPL, and relevant sectoral standards (e.g., SAMA, CITC/DICT).
* *Risk Reporting:*
Prepare executive-level risk reports, risk registers, heat maps, and dashboards. Communicate risk exposure to senior leadership and relevant stakeholders.
* *Third-Party Risk Management:*
Evaluate cybersecurity risks associated with vendors, partners, and third-party service providers. Contribute to supplier assessments and due diligence.
* *Business Impact Analysis (BIA):*
Support BIA activities to assess potential impacts of cybersecurity risks on business operations, data privacy, and critical services.
* *Security Governance Support:*
Contribute to policy development, security awareness programs, and the organization’s overall security posture improvement.
* *Audit & Review Support:*
Collaborate with internal and external auditors to address findings related to cybersecurity risk and compliance.
*Required Qualifications:*
* Bachelor’s or Master’s degree in Information Security, Computer Science, Risk Management, or related field.
* *Minimum 10 years of experience* in cybersecurity, with at least 5 years focused on risk assessment and governance.
* Extensive knowledge of *NIST RMF*, *ISO 31000*, *ISO/IEC 27005*, and risk quantification methodologies.
* Familiarity with Saudi regulatory frameworks such as *NCA ECC*, *PDPL*, and sector-specific guidance (e.g., *SAMA Cybersecurity Framework*).
* Strong understanding of threat modeling, attack vectors, and control validation techniques.
* Experience with GRC platforms and risk management tools.
*Preferred Certifications:*
* *CRISC (Certified in Risk and Information Systems Control)*
* *CISSP*, *CISM*, *ISO 27005 Risk Manager*
* *NCA-approved cybersecurity certification* (preferred)
* *Arabic language* proficiency is a plus.
*Key Competencies:*
* Excellent analytical and problem-solving skills.
* Strong communication skills, able to convey complex risk concepts to technical and non-technical audiences.
* Ability to influence decision-making and promote a risk-aware culture.
* Attention to detail and proactive in identifying gaps and proposing improvements.
Desired Candidate Profile
Any GCC National, Egyptian, Indian, Pakistani
Bachelor of Technology/Engineering (Computers), Bachelor of Science (Technology)
Any