Lead and manage Qiddiya's Third-Party Security Risk Management program to ensure vendors, partners, consultants, and service providers comply with cybersecurity requirements and do not introduce unacceptable risks to Qiddiya's information assets, systems, and operations. The role is responsible for establishing security assessment frameworks, overseeing vendor security reviews, and driving remediation of identified risks. This aligns with industry practices for cybersecurity risk management and third-party oversight.

Key Responsibilities

• Develop and maintain the Third-Party Security Risk Management (TPSRM) framework.
• Conduct cybersecurity due diligence and risk assessments for vendors and suppliers.
• Review security requirements during procurement, RFP, and contract stages.
• Assess cloud providers, SaaS platforms, managed service providers, and strategic partners.
• Define vendor security controls aligned with NCA ECC, ISO 270...