Technology & Cyber Security Risk Senior Manager

2 weeks ago


Riyadh, Ar Riyāḑ, Saudi Arabia MEDGULF Saudi Arabia Full time 120,000 - 240,000 per year

SUMMARY:

The Technology & Cyber Security Risk Senior Manager is responsible for identifying, assessing, and mitigating enterprise-level IT and cybersecurity risks to strengthen MedGulf's technology risk posture and resilience. This role plays a critical part in safeguarding MedGulf's digital assets, IT infrastructure, and business-critical applications while aligning with regulatory requirements (e.g., SAMA, Insurance Authority, NCA) and industry best practices (ISO 27001, ISO Key responsibilities include developing and implementing risk management frameworks, assessing emerging technology risks, fostering a risk-aware culture, and driving cross-functional collaboration to enhance MedGulf's overall technology resilience.

ACCOUNTABILITIES & ACTIVITIES:

  • Risk Management:


• Develop and implement an IT & Cybersecurity risk management framework aligned with MedGulf's enterprise risk management approach and risk appetite, IT Governance Framework (ITGF), Cybersecurity Framework (CSF), and ISO 27001.


• Identify, assess, and mitigate technology, cybersecurity, data privacy, and cloud security risks that could impact MedGulf's operations, business continuity, data, and regulatory compliance.


• Conduct regular technology risk assessments to proactively identify and address emerging risks.


• Recommend and oversee the implementation of risk mitigation controls, continuously monitoring risk exposure.


• Develop and track Key Risk Indicators (KRIs) to monitor and prioritize critical IT and cybersecurity risks.


• Provide input to the Enterprise Risk Management (ERM) team on risk appetite, governance frameworks, and policies.


• Collaborate with IT and cybersecurity teams to design, test, and enhance IT risk controls.


• Provide independent oversight of IT & cybersecurity risk controls implemented by IT and Security teams.


• Engage with the third party responsible for performing penetration testing, and update the IT & Cybersecurity risk profile.


• Perform an independent assessment of the SOC to ensure that vulnerabilities are assessed and addressed in a timely manner.

  • Technology Resilience and Incident Management:


• Assess and manage risks related to new technologies, third-party vendors, cloud services, and digital transformation initiatives.


• Conduct risk-based testing on IT systems, applications, and infrastructure to ensure operational resilience.


• Lead and participate in root cause analysis, investigations, and remediation efforts for technology-related incidents reported to the Risk Management division.


• Coordinate response efforts for major IT incidents or system failures that could disrupt MedGulf's operations.


• Ensure IT risk assessment is integrated into Business Continuity (BCM) and Disaster Recovery (DR) strategies, ensuring IT & cybersecurity risks are addressed in crisis management planning.


• Review the accuracy and rationality of the periodic self-assessment against the maturity level of the Cybersecurity Framework before submission to the regulator.


• Analyze emerging cyber threats, conduct forensic analysis, and provide risk-based reporting to senior management and cybersecurity leadership.

  • Risk Awareness & Reporting:


• Develop and deliver IT & Cybersecurity risk awareness programs to promote a risk-conscious culture among MedGulf employees.


• Provide regular risk reports and insights to executive management, highlighting key technology risk trends and mitigation strategies.


• Present risk assessment findings, remediation plans, and compliance updates to executive stakeholders and governance committees.


• Support internal audit and external regulatory audits, ensuring IT and cybersecurity risk areas are assessed and mitigated proactively.

  • IT Strategy, Governance & Compliance:


• Establish and oversee the IT Governance Framework in alignment with SAMA ITGF, ISO 27001, and NIST standards.


• Ensure IT risk management is integrated into overall IT governance and strategic decision-making processes.


• Review the cybersecurity strategy to ensure its alignment with the business objectives, and to create cyber resilience across all the processes.


• Collaborate with IT, Compliance, and Risk Committees to ensure IT governance aligns with corporate governance objectives.


• Develop and enforce IT risk policies, standards, and procedures, ensuring alignment with enterprise risk management (ERM) frameworks.


• Participate in IT Steering Committee (ITSC) and Risk Committee discussions, providing IT risk insights to governance bodies.


• Manage third-party IT risk governance, ensuring vendor risk assessments, contract security clauses, and compliance reviews are in place.


• Evaluate and provide risk advisory on major IT investments, ensuring alignment with business objectives and compliance with SAMA regulations.


• Monitor effectiveness of strategic initiatives and recommend improvements.


• Monitor the effectiveness of IT strategic initiatives from a risk perspective and recommend necessary improvements.


• Ensure that IT risk management is integrated into IT strategic planning, budgeting, and decision-making.

MAIN CONTACTS / OPERATING STAKEHOLDERS:

  • INTERNAL CONTACT:


• Risk Management Executive Director – engage with executive leadership to communicate and address critical technology risks.


• Operational and Resilience Risk Director / ERM Senior Manager – contribute to risk appetite discussions, governance framework development, KRI tracking, and updates to risk registers.


• IT Governance and Infrastructure Teams and Cyber Security Teams – collaborate on risk mitigation strategies and security controls.


• Resilience and Business Continuity Manager – ensure IT risk considerations are integrated into business continuity and operational resilience planning.


• IT Steering Committee – provide independent risk oversight within the IT Steering Committee (ITSC) by assessing IT and cybersecurity risks in strategic IT initiatives, digital transformation projects, and major system changes.

  • EXTERNAL CONTACT:


• External Auditors and Consultants – provide support for IT risk audits, regulatory assessments, and compliance reviews.


• Third-Party Vendors and Service Providers – evaluate and monitor IT risk exposure from outsourced services, cloud providers, and key technology partners.


• Regulators – ensure compliance with regulatory requirements (e.g., SAMA IT Governance Framework, NCA Cybersecurity Controls) by overseeing IT risk assessments, responding to regulatory inquiries, and coordinating audits.

  • WORKING ENVIRONMENT:


• Cross-functional collaboration with Enterprise Risk, Operational Risk, IT, Cybersecurity, Governance, and Business Continuity teams to ensure an integrated approach to technology risk management.


• Regular engagement with executive leadership and key stakeholders to provide risk insights, support decision-making, and enhance IT risk governance.


• Interaction with external auditors, regulators, and third-party service providers to facilitate compliance reviews, audits, and vendor risk assessments.


• Office-based work, with occasional travel for risk assessments and stakeholder engagements as needed.


• Fast-paced and dynamic environment, requiring adaptability to evolving regulatory requirements, emerging technology threats, and risks.

  • QUALIFICATIONS/REQUIREMENTS:


• Bachelor's or Master's degree in Computer Science, Information Systems, Cybersecurity, Risk Management, or a related field.


• 7+ years of experience in IT risk management, preferably within the insurance or financial services sector.


• Strong background in IT governance, risk, and compliance (GRC), with expertise in regulatory requirements (e.g., SAMA, NCA, Insurance Authority) and industry best practices (e.g., ISO 27001, ISO


• Experience in risk assessments, control design, third-party/vendor risk management, and IT audits.


• Prior experience in business continuity and incident management is an advantage.

  • CERTIFICATIONS:


• CISA, CISSP, CISM, CRISC, or equivalent risk/security certifications.


• ITIL, ISO 22301, or BCM-related certification is a plus.