Responsibilities

• Develop an IT Risk Management Framework and Methodology that aligns with Enterprise Risk Management Framework and complies with applicable Saudi regulatory requirements, including CMA, Tadawul, NCA, SAMA ITGF, NDMO, and PDPL
• Conduct comprehensive IT risk assessments covering all in-scope applications, systems, and supporting infrastructure, ensuring thorough evaluation of inherent and residual risks
• Identify, assess, and document IT risks, including technology, security, operational, data, and third‑party risks, using structured and defensible assessment techniques
• Develop detailed application-level risk registers and a consolidated enterprise-level IT risk register, ensuring alignment with regulatory expectations and internal governance standards
• Perform control gap analyses to evaluate the adequacy and effectiveness of existing IT and security controls, identifying deficiencies and areas requiring enhancem...