Risk & Compliance Analyst – Risk Register Management

We are currently supporting a major enterprise client in Abu Dhabi that is looking to hire an experienced Risk & Compliance Analyst to take ownership of the operational management of the enterprise Cybersecurity Risk Register.

This is a high-visibility GRC role focused on ensuring that security risks are captured, assessed, tracked, governed, and reported in a consistent and audit-ready manner across the organisation.

The successful candidate will play a key role in translating technical security findings into business-accountable risk decisions while ensuring alignment with recognised frameworks including NIST CSF 2.0, ISO 27001, UAE IA Regulation, and NIST SP 800-37 RMF.

The Role

You will be responsible for maintaining the enterprise Risk Register as the central source of truth for cybersecurity risk management across the organisation.

Working closely with Security Operations, Engineering, Audit, Vulnerability Management, and business stakeholders, you will coordinate risk assessments, track treatment plans, maintain risk ownership, and provide executive-level risk reporting and governance support.

This role is critical in ensuring that security findings from vulnerability management, penetration testing, incidents, audits, and exception processes are translated into a coherent and actionable enterprise risk picture.

Key Responsibilities:

• Maintain and manage the enterprise Risk Register as the authoritative source for cybersecurity risks
• Facilitate risk identification workshops with both technical and business stakeholders
• Document risks using structured and consistent methodologies across threat, vulnerability, asset, and business impact dimensions
• Assess and score inherent and residual risks using agreed enterprise risk methodologies
• Track risk acceptance decisions, treatment plans, mitigation progress, and review timelines
• Ensure every material risk has an accountable owner and defined remediation strategy
• Coordinate periodic risk reviews and governance activities across stakeholders
• Map risks against:
  • NIST CSF 2.0
  • ISO 27001 controls
  • UAE IA requirements
  • NIST RMF practices
• Produce executive-level reporting including:
  • Risk heatmaps
  • Trend analysis
  • Governance dashboards
  • Risk posture reporting
• Integrate risk inputs from:
  • Vulnerability Management
  • Penetration testing
  • Audit findings
  • Security incidents
  • Exception management processes
• Support audit readiness and evidence management activities

What We’re Looking For

Technical & GRC Experience

• Minimum 3+ years of hands-on experience in cybersecurity risk management or GRC functions
• Experience managing enterprise Risk Registers and governance workflows
• Strong familiarity with:
  • NIST CSF 2.0
  • ISO 27001
  • NIST SP 800-37 RMF
  • MITRE ATT&CK
  • UAE IA Regulation
• Experience working with:
  • Excel / SharePoint
  • Jira
  • Confluence
  • YouTrack
• Understanding of enterprise security operations, vulnerability management, and audit processes
• Strong analytical and reporting capability

Technical Skills

• Scripting or automation capability using Python, Bash, or PowerShell is advantageous
• Experience creating dashboards, heatmaps, and governance reporting

Certifications

Relevant certifications are highly desirable, including:

• CISSP
• CISM
• CRISC
• GCIH
• CCSP
• ISO 27001-related certifications

Soft Skills

• Excellent written and verbal communication skills
• Strong stakeholder engagement and facilitation capability
• Ability to communicate effectively with both technical teams and executive leadership
• High attention to detail with strong organisational skills
• Ability to manage competing priorities in a fast-paced enterprise environment

Key Objectives

• Deliver a complete, current, and defensible enterprise Risk Register
• Ensure every material risk has an owner, treatment plan, and review schedule
• Provide leadership with accurate, trend-based risk reporting and governance visibility
• Achieve full integration between technical security findings and enterprise risk management processes
• Maintain audit-ready governance processes with zero orphaned or stale risks

Salt is acting as an Employment Business in relation to this vacancy.