Cyber Risk Manager

Main Tasks and Responsibilities:

Risk Management

• Identify, assess, and monitor IDS-related risks including operational, infrastructure, and compliance risks.
• Conduct periodic risk assessments, internal audits, and gap analyses.
• Collaborate with IT, Cybersecurity, and Enterprise Architecture teams to define and implement control frameworks aligned to ISO 27005, NIST RMF, and COBIT principles.
• Maintain a centralized risk register and ensure timely mitigation, acceptance, transfer, or avoidance strategies for each identified risk.
• Regularly review risk appetite, metrics, and thresholds in collaboration with Governance and Internal Audit functions.

Disaster Recovery (DR) Planning

• Lead the design, implementation, testing, and continual improvement of IDS DR plans aligned with ISO 22301.
• Define business impact assessments (BIAs), RTOs (Recovery Time Objectives), and RPOs (Recovery Point Objectives) for critical systems and applications.
• Coordinate DR simulations, tabletop exercises, and live recovery tests across digital environments.
• Ensure DR strategies are aligned with on-premises, private cloud, and hybrid cloud environments.
• Collaborate with business continuity leads across entities to ensure interdependency planning and resilience readiness.

Compliance Management

• Monitor and ensure compliance with internal policies, national regulations, and global frameworks.
• Prepare for internal and external audits by maintaining a compliance evidence repository, ensuring traceability and accountability.
• Contribute to the development and update of IDS policies, procedures, processes, and SOPs.
• Conduct third-party risk assessments and ensure vendor compliance through contract clauses, periodic reviews, and audits.
• Liaise with legal, risk, and regulatory teams for evolving requirements.

Incident Response

• Act as a core member of the Incident Response Team for IDS-related incidents.
• Help establish and maintain response playbooks for cyberattacks, data breaches, outages, and system compromises.
• Support forensic investigations and root cause analysis following incidents.
• Lead post-incident reviews and implement lessons learned into the risk and DR frameworks.

Training and Awareness

• Design and deliver role-based training programs on risk management, DR awareness, and compliance best practices for IDS teams and business users.
• Drive a culture of risk ownership, security awareness, and policy compliance.
• Build and maintain a knowledge hub for best practices and regulatory updates.

Continuous Improvement

• Monitor global trends in cyber resilience, regulatory technology, and digital risk.
• Propose enhancements to current systems, including automation, data analytics, and integrated dashboards for real-time visibility.
• Lead process maturity assessments using CMMI or similar frameworks and develop improvement roadmaps.

Key Interactions:

• Internal: OQSAOC Streams/Assets
• External: Technology vendors, auditors, regulators, managed service providers

Education Requirements:

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field
• Master's degree or relevant certifications (e.g., CISSP, CISM, CBCP, ISO 27001 Lead Implementer/Auditor) preferred

Language:

• Excellent knowledge of written, read, and spoken English (required)
• Arabic - Native (desirable)

Background and Experience:

• 6-8 years of experience in cybersecurity, risk management, compliance

Competencies and Skills:

• Strong understanding of data protection laws and DR frameworks

About This Role:

This position is responsible for managing IDS-related risks, implementing DR plans, and ensuring compliance with internal policies and global frameworks. The ideal candidate will have a strong background in cybersecurity, risk management, and compliance, with excellent communication skills and the ability to work effectively with cross-functional teams.

We Offer:

A competitive salary and benefits package, as well as opportunities for career growth and professional development.