IT Risk Management

TAWANTECH

Key Responsibilities

• Develop and maintain IT Risk Management Framework and IT Risk Register
• Define and monitor IT Risk Appetite and KRIs
• Conduct IT & Cyber risk assessments across applications, infrastructure, cloud, cybersecurity, and third parties
• Perform inherent and residual risk analysis
• Ensure compliance with:
• Saudi Central Bank Cybersecurity Framework (CSF)
• National Cybersecurity Authority Essential Cybersecurity Controls (ECC)
• International Organization for Standardization ISO 27001
• ISACA COBIT
• PCI Security Standards Council PCI-DSS
• Monitor remediation plans and control effectiveness
• Prepare IT Risk reports for Senior Management, Risk Committee, and Board
• Manage third-party IT risk assessments
• Support internal and regulatory audits