IT Risk Manager

We are seeking an experienced and forward-thinking Head of IT Risk to lead IT risk within a multi-line insurance company operating in the GCC region. This role will be responsible for developing and implementing a robust IT risk framework, ensuring IT risk strategies align with business objectives and regulatory requirements; and a strong cyber security environment.

The Head of IT Risk must ensure GRM (Group Risk Management) is both seen and heard—engaging actively in meetings, asking insightful questions, and offering well-reasoned risk perspectives. A key approach is to apply professional skepticism while remaining respectful. The role requires creative thinking, using analogies from different contexts to enhance risk discussions. By fostering collaboration and by proactively offering insights—such as risk deep dives—before making requests, GRM will be seen as a value-adding partner. Relationship-building is key; instead of burdening the business with a check box approach and templates, the risk team should work alongside business colleagues to ensure IT is an enabler to the business. At the same time, Key Risk Indicators (KRIs) and feedback loops drive effectiveness. The ultimate goal is to provide the right risk frameworks for the business to make strong risk/reward decisions that drive sustainable growth.

Key Responsibilities:

IT Risk Governance & Strategy:

• Develop, implement, and maintain an enterprise-wide IT risk management framework, aligned with the company’s business strategy and regulatory requirements.
• Define IT risk appetite and ensure it is embedded within key business and technology decisions.
• Provide independent risk oversight of IT operations, digital transformation, cloud computing, cyber security and third-party IT risks.
• Collaborate with IT, cybersecurity, compliance, and business leaders to ensure risk mitigation strategies are effectively implemented.

Cyber & Technology Risk Management:

• Assess and monitor cybersecurity risks, including threats to cloud infrastructure, digital platforms, data privacy, and operational resilience.
• Oversee risk assessments on IT infrastructure, applications, and emerging technologies such as AI, blockchain, and IoT.
• Partner with IT security teams to evaluate security controls, penetration testing results, and incident response plans.
• Monitor evolving cyber threats and regulatory expectations, ensuring proactive risk management.

Regulatory Compliance & Reporting:

• Ensure compliance with local regulatory frameworks, including data protection, cyber security, and IT governance standards across the GCC region.
• Develop IT risk reports for senior management, board risk committees, and regulatory bodies.
• Stay up to date with international standards such as NIST, ISO 27001, CIS, and COBIT, integrating best practices into the IT risk framework.
• Support IT-related audits and regulatory inquiries, providing risk insights and ensuring risk gaps are addressed proactively.

Enterprise Risk Management (ERM):

• Embed IT risk into the broader Enterprise Risk Management (ERM) framework.
• Support the ORSA (Own Risk and Solvency Assessment) process by evaluating IT risks that could impact capital and operational resilience.
• Assess risks related to business continuity planning (BCP), disaster recovery (DR), and system resilience.
• Oversee IT vendor and third-party risk management, ensuring robust due diligence and monitoring processes.

Leadership & Stakeholder Management:

• Act as a strategic advisor to the board, executive management, IT teams, and 1st LoD on IT risk-related matters.
• Partner the IT function and business generally to promote digital transformation and adoption of latest technologies.
• Together with the Country Heads of Risk and IT, lead a team of Information Security risk professionals, fostering a culture of risk awareness and accountability.
• Develop and conduct IT risk training sessions to improve awareness and resilience across the organization.

Key Qualifications & Experience:

• Highly preferred are candidates with first line experience in digital transformation. Particularly if that experience has been obtained at a multinational, multi-line insurer or a successful insuretech entity.
• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Risk Management, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, CRISC, CISA, or equivalent are strongly preferred.
• 7+ years of experience in IT risk management, cybersecurity, technology governance, or operational resilience, preferably within insurance or financial services.
• Strong knowledge of cloud security, data protection, cyber risk quantification, and digital transformation risks.
• Experience managing third-party IT risks, IT audits, and regulatory compliance processes.
• Familiarity with IT risk frameworks such as NIST, ISO 27001, CIS, COBIT, and Basel Operational Risk guidelines.
• Strong analytical skills, ability to assess and interpret complex IT risks, and communicate findings to senior stakeholders.
• Proven leadership experience with the ability to engage, challenge, and influence stakeholders at all levels.

Why Join Us?

• Opportunity to lead and shape the risk management function of a dynamic multi-line insurer.
• Competitive compensation package and benefits.
• Work in an agile, ambitious, accountable and acceptive environment in a growing insurance market.

If you are a strategic thinker with deep expertise in IT risk, cybersecurity, and digital resilience, we invite you to apply for this role.