Job Description

CYBERSECURITY RISK SPECIALIST

Location : Abudhabi

Required Certifications: CISSP, CISA, CISM

JOB SUMMARY:

The Cybersecurity Risk Specialist will be responsible for identifying, assessing, and mitigating cybersecurity risks to protect our organization's critical assets and data. You will collaborate with cross-functional teams to implement risk management strategies and controls aligned with industry standards and regulatory requirements. This role requires strong analytical skills, risk assessment expertise, and the ability to communicate effectively

with stakeholders.

JOB SPECIFIC RESPONSIBILITIES:

Risk Identification: Identify cybersecurity risks across the organization (covering IT, OT and data), considering business objectives, threat landscape, and regulatory requirements.

Risk Assessment and Management: Conduct cybersecurity risk assessments including vulnerability assessments, threats, and their potential impact on the organization.

Risk Mitigation and Controls: Develop and implement risk mitigation strategies and controls, in collaboration with relevant stakeholders, to reduce risk exposure and strengthen the organization's cybersecurity defenses. Collaborate with IT, OT and business units to ensure effective implementation of security controls and countermeasures.

Risk Monitoring and Reporting: Monitor cybersecurity risks on an ongoing basis, leveraging threat intelligence and risk assessment tools. Generate risk reports and dashboards to communicate risk status, trends, and mitigation efforts to stakeholders and senior leadership. Document any residual risks, providing justifications and securing sign-off from management.

Vendor Risk Management: Contribute towards vendor risk management processes and framework. Evaluate and manage cybersecurity risks associated with third-party vendors and service providers.

Cybersecurity Risk Register & GRC Tool: Develop and maintain a cybersecurity risk register, systematically tracking and prioritizing risks. Onboard and operationalize the GRC tool.

MINIMUM EXPERIENCE LEVEL

· Minimum of 8 years of experience in Cybersecurity Risk Management

· Diverse/multi-cultural business industry (obtained from medium to large organisation)

· Multi-national company

· Energy and utility sector preferred

Job-related competencies and proficiency levels:

Behavioural

· Organisational excellence (level 3) - Professional

· Encourage continuous learning (level 3) - Professional

· Build effective relationships (level 3) - Professional

· Communicate with impact (level 3) - Professional

· Adopt a strategic mindset (level 3) - Professional

Technical

· Cybersecurity Risk management (level 3) - Professional

· Cybersecurity risk reporting and Risk Register (level 3) - Professional