Risk & Compliance Analyst Risk Register Management
Client of Salt
Employer Active
Posted 1 hr ago
Experience
3 - 7 Years
Job Location
Education
Bachelor of Science(Computers)
Nationality
Any Nationality
Gender
Not Mentioned
Vacancy
1 Vacancy
Job Description
Roles & Responsibilities
You will be responsible for maintaining the enterprise Risk Register as the central source of truth for cybersecurity risk management across the organisation.
Working closely with Security Operations, Engineering, Audit, Vulnerability Management, and business stakeholders, you will coordinate risk assessments, track treatment plans, maintain risk ownership, and provide executive-level risk reporting and governance support.
This role is critical in ensuring that security findings from vulnerability management, penetration testing, incidents, audits, and exception processes are translated into a coherent and actionable enterprise risk picture.
Key Responsibilities:
- Maintain and manage the enterprise Risk Register as the authoritative source for cybersecurity risks
- Facilitate risk identification workshops with both technical and business stakeholders
- Document risks using structured and consistent methodologies across threat, vulnerability, asset, and business impact dimensions
- Assess and score inherent and residual risks using agreed enterprise risk methodologies
- Track risk acceptance decisions, treatment plans, mitigation progress, and review timelines
- Ensure every material risk has an accountable owner and defined remediation strategy
- Coordinate periodic risk reviews and governance activities across stakeholders
- Map risks against:
- NIST CSF 2.0
- ISO 27001 controls
- UAE IA requirements
- NIST RMF practices
- Produce executive-level reporting including:
- Risk heatmaps
- Trend analysis
- Governance dashboards
- Risk posture reporting
- Integrate risk inputs from:
- Vulnerability Management
- Penetration testing
- Audit findings
- Security incidents
- Exception management processes
- Support audit readiness and evidence management activities
Desired Candidate Profile
Technical & GRC Experience
- Minimum of 3 years of hands-on experience in cybersecurity risk management or GRC functions
- Experience managing enterprise Risk Registers and governance workflows
- Strong familiarity with:
- NIST CSF 2.0
- ISO 27001
- NIST SP 800-37 RMF
- MITRE ATT&CK
- UAE IA Regulation
- Experience working with:
- Excel / SharePoint
- Jira
- Confluence
- YouTrack
- Understanding of enterprise security operations, vulnerability management, and audit processes
- Strong analytical and reporting capability
Technical Skills
- Scripting or automation capability using Python, Bash, or PowerShell is advantageous
- Experience creating dashboards, heatmaps, and governance reporting
Certifications
Relevant certifications are highly desirable, including:
- CISSP
- CISM
- CRISC
- GCIH
- CCSP
- ISO 27001-related certifications
Soft Skills
- Excellent written and verbal communication skills
- Strong stakeholder engagement and facilitation capability
- Ability to communicate effectively with both technical teams and executive leadership
- High attention to detail with strong organisational skills
- Ability to manage competing priorities in a fast-paced enterprise environment
Company Industry
- IT - Software Services
Department / Functional Area
- IT Software
Keywords
- Risk & Compliance Analyst Risk Register Management