Jobiglo


Risk & Compliance Analyst – Enterprise Risk Register

Salt · Abu Dhabi

New
Mid 🇬🇧 English
Excel SharePoint Jira Confluence YouTrack NIST CSF 2.0 ISO 27001 MITRE ATT&CK

Job description

About the role

We are seeking a Risk & Compliance Analyst to own the enterprise Risk Register, ensuring it remains a living, authoritative source of truth for all information security and technology risks. The role sits within the Governance, Risk & Compliance function, translating technical security findings into structured, business‑owned risk decisions aligned to NIST CSF 2.0, ISO 27001, NIST SP 800‑37 RMF and UAE IA requirements.

Key responsibilities

  • Own and maintain the enterprise Risk Register as the single source of truth for all security and technology risks.
  • Facilitate risk identification workshops with technical teams, business stakeholders, and control owners.
  • Define and document risks using a structured format: threat × vulnerability × asset × impact.
  • Perform and maintain inherent and residual risk scoring, including tracking risk acceptance decisions.
  • Ensure every risk has a clearly defined owner, treatment plan, and review cycle.
  • Coordinate periodic risk reviews and track remediation progress to closure.
  • Map risks to relevant frameworks (NIST CSF 2.0, ISO 27001, UAE IA, NIST SP 800‑37 RMF).
  • Produce risk heatmaps, trend analysis, and monthly executive dashboards.
  • Integrate inputs from vulnerability management, penetration testing, audit findings, security incidents, and policy exceptions into the Risk Register.
  • Ensure risk data is audit‑ready and supports regulatory and internal assurance requirements.

Required profile

  • Minimum 3+ years of experience in GRC, risk management, cybersecurity governance or similar roles.
  • Hands‑on experience with Risk Registers or equivalent enterprise risk tooling.
  • Strong understanding of NIST CSF 2.0, ISO 27001, MITRE ATT&CK and related security frameworks.
  • Ability to translate technical security findings into business‑oriented risk decisions.
  • Experience facilitating workshops and communicating risk information to executive stakeholders.

Required skills

  • Excel
  • SharePoint
  • Jira
  • Confluence
  • YouTrack
  • Knowledge of NIST CSF 2.0, ISO 27001, MITRE ATT&CK frameworks

Frequently asked questions

The salary is not publicly disclosed by the recruiter. You can apply and negotiate directly with Salt.

Posted 9 hours ago

Expires one month from now
