Cybersecurity Risk Specialist

The Cybersecurity Risk Specialist identifies, assesses, and manages cybersecurity risks across Salam and Salam Mobile's technical projects, infrastructure, people, third-party, process and cloud environments. This role ensures compliance with regulatory NCA and CST, maintains an up-to-date risk register and treatment plans, and conducts annual risk assessments for Salam's assets, including technical infrastructure, social media, and cloud technology. The specialist collaborates with internal teams to gather system information, reviews security configurations, and advises on risk mitigations, supporting effective and proactive risk management across the organization.

Duties & Responsibilities:

• Conduct cybersecurity risk assessments for technical projects throughout their lifecycle, including planning, implementation, and go-live phases.
• Assess cybersecurity risks associated with significant changes to Salam's infrastructure.
• Evaluate cybersecurity risks during the planning phase for third-party services, prior to contract and SLA signing.
• Periodically assess and monitor the cybersecurity posture of critical third-party vendors.
• Perform an annual cybersecurity risk assessment covering Salam's people, technology, and processes.
• Assess cybersecurity risks associated with Salam's social media accounts on an annual basis.
• Conduct risk assessments for new social media accounts before granting approval to the Marcom team.
• Evaluate risks related to Salam's cloud technology stack, covering both provider and tenant environment.
• Collaborate with Information Technology, Cybersecurity, and Operations teams to collect detailed system information at least twice a year.
• Review secure configuration and hardening reports, assess associated risks, and provide recommendations.
• Check the source code review for all the systems developed in-house.
• Maintain a current risk register and develop treatment plans with assigned due dates to manage risks effectively.
• Prepare risk acceptance documentation as required and track the resolution of each acceptance.
• Report and present risk status through dashboards to the Cybersecurity Committee and in weekly meetings with the department.
• Prepare a risk report after completing each risk cycle, summarizing key findings and actions taken.
• Ensure continuous follow-up on the treatment plan to ensure timely risk mitigation and resolution.
• Manage Salam's risk platform on the Haseen portal, ensuring accurate and updated risk data.
• Ensure compliance with National Cybersecurity Authority (NCA) standards for all risk management activities.
• Adhere to Communication, Space, and Technology Commission (CST) regulatory requirements in Cybersecurity Risk related requests and reporting.

Job Requirements:

• BS/MS in Computer Science, Information Systems, Information Technology, Cybersecurity or equivalent qualification.
• Experience developing and implementing GRC policies and procedures.
• Multitasking skills, ability to work under pressure.
• Excellent communication skills, planning, process-oriented and result-driven.
• Work collaboratively with other departments and stakeholders.
• Certification or training related to Cybersecurity.
• Holding one of the following professional certificates is preferred.
• 5-10 years of experience in a relevant role.
• Good experience using Office products.
• Fluent in English and native in Arabic.