
Risk & Compliance Analyst – Risk Register Management

Job in Abu Dhabi, UAE/Dubai
Listing for: Salt Digital Recruitment
Full Time position
Listed on 2026-06-03
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 120000 - 200000 AED Yearly
Job Description & How to Apply Below

We are currently supporting a major enterprise client in Abu Dhabi that is looking to hire an experienced Risk & Compliance Analyst to take ownership of the operational management of the enterprise Cybersecurity Risk Register. This is a high-visibility GRC role focused on ensuring that security risks are captured, assessed, tracked, governed, and reported in a consistent and audit-ready manner across the organisation.

The successful candidate will play a key role in translating technical security findings into business-accountable risk decisions while ensuring alignment with recognised frameworks including NIST CSF 2.0, ISO 27001, UAE IA Regulation, and NIST SP 800-37 RMF.

The Role

You will be responsible for maintaining the enterprise Risk Register as the central source of truth for cybersecurity risk management across the organisation. Working closely with Security Operations, Engineering, Audit, Vulnerability Management, and business stakeholders, you will coordinate risk assessments, track treatment plans, maintain risk ownership, and provide executive-level risk reporting and governance support. This role is critical in ensuring that security findings from vulnerability management, penetration testing, incidents, audits, and exception processes are translated into a coherent and actionable enterprise risk picture.

Key Responsibilities
  • Maintain and manage the enterprise Risk Register as the authoritative source for cybersecurity risks
  • Facilitate risk identification workshops with both technical and business stakeholders
  • Document risks using structured and consistent methodologies across threat, vulnerability, asset, and business impact dimensions
  • Assess and score inherent and residual risks using agreed enterprise risk methodologies
  • Track risk acceptance decisions, treatment plans, mitigation progress, and review timelines
  • Ensure every material risk has an accountable owner and defined remediation strategy
  • Coordinate periodic risk reviews and governance activities across stakeholders
  • Map risks against:
    • NIST CSF 2.0
    • ISO 27001 controls
    • UAE IA requirements
    • NIST RMF practices
  • Produce executive‑level reporting including:
    • Risk heatmaps
    • Trend analysis
    • Governance dashboards
    • Risk posture reporting
  • Integrate risk inputs from:
    • Vulnerability Management
    • Penetration testing
    • Audit findings
    • Security incidents
    • Exception management processes
  • Support audit readiness and evidence management activities
What We’re Looking For

Technical & GRC Experience
  • Minimum 3+ years of hands‑on experience in cybersecurity risk management or GRC functions
  • Experience managing enterprise Risk Registers and governance workflows
  • Strong familiarity with:
    • NIST CSF 2.0
    • ISO 27001
    • NIST SP 800‑37 RMF
    • MITRE ATT&CK
  • Experience working with:
    • Excel / SharePoint
    • Jira
    • Confluence
    • YouTrack
  • Understanding of enterprise security operations, vulnerability management, and audit processes
  • Strong analytical and reporting capability
Technical Skills
  • Scripting or automation capability using Python, Bash, or PowerShell is advantageous
  • Experience creating dashboards, heatmaps, and governance reporting
Certifications
  • CISSP
  • CISM
  • CRISC
  • GCIH
  • CCSP
  • ISO 27001‑related certifications
Soft Skills
  • Excellent written and verbal communication skills
  • Strong stakeholder engagement and facilitation capability
  • Ability to communicate effectively with both technical teams and executive leadership
  • High attention to detail with strong organisational skills
  • Ability to manage competing priorities in a fast‑paced enterprise environment
Key Objectives
  • Deliver a complete, current, and defensible enterprise Risk Register
  • Ensure every material risk has an owner, treatment plan, and review schedule
  • Provide leadership with accurate, trend‑based risk reporting and governance visibility
  • Achieve full integration between technical security findings and enterprise risk management processes
  • Maintain audit‑ready governance processes with zero orphaned or stale risks

Salt is acting as an Employment Business in relation to this vacancy.
