Job Purpose:
The Senior IT Governance & Risk Specialist is responsible for establishing, maintaining, and continuously improving IT governance and risk management practices across the organization. This role ensures that IT operations are effectively aligned with business objectives, cybersecurity frameworks, regulatory requirements, industry standards, and Najm's risk appetite. Key responsibilities include identifying and managing IT-related risks, implementing governance policies, and providing assurance to senior management that IT processes are well-controlled, compliant, and resilient.
Functional Responsibilities:
- Develop and maintain an IT risk governance framework aligned with Najm's policies and national / international standards (NCA, SAMA, ISO 27001, ISO 31000, ISO 20000, ITIL, COBIT 2019).
- Ensure IT risk activities align with Najm's Enterprise Risk Management (ERM) program.
- Identify, assess, and monitor IT-related risks, and recommend appropriate mitigation plans.
- Recommend and validate IT controls to mitigate identified risks, and collaborate with risk owners on mitigation plans.
- Ensure compliance with regulatory and legal requirements related to IT risk governance and cybersecurity.
- Coordinate with internal and external auditors to support audit processes and close identified gaps.
- Monitor and provide dashboards and reports on IT control effectiveness, risk exposure, and compliance status to management.
- Collaborate with cross-functional teams to align IT risk controls with business objectives.
- Develop, review, and update IT policies, standards, and procedures to support governance and risk practices.
- Support awareness and training programs on IT governance, compliance, and risk management.
- Oversee risk registers and ensure timely updates of risk assessments.
- Ensure continuous improvement of the IT risk management program by regularly updating the risk register and related documents to align with regulatory and international standards.
Role-Specific Skills Requirements:
- Minimum 4+ years of IT risk management and IT audit experience.
- Strong knowledge of IT governance frameworks and risk management methodologies.
- Experience with GRC tools and risk assessment platforms is a plus.
- Professional certifications such as CRISC, CISA, ISO 27001 & ISO 20000 Lead Implementer/Auditor are highly desirable.
- Microsoft Office proficiency.
- Monitor service level agreements (SLAs) to deliver appropriate IT services.
- Manage IT risk KPIs and enhance performance by measuring SLAs and OLAs.
- Ability to work effectively both independently and as part of a team.
- Ability to work on tight deadlines.