Specialist - Risk Management (Space42)

ABOUT USSpace42 (ADX: SPACE42) is a UAE-based AI-powered SpaceTech company that integrates satellite communications, geospatial analytics and artificial intelligence capabilities to enlighten the Earth from space. Established in 2024 following the successful merger between Bayanat and Yahsat, Space42’s global reach allows it to address the rapidly evolving needs of its customers in governments, enterprises, and communities.OverviewSpace42 (ADX: SPACE42) is a UAE-based AI-powered SpaceTech company that integrates satellite communications, geospatial analytics and artificial intelligence capabilities to enlighten the Earth from space. Established in 2024 following the successful merger between Bayanat and Yahsat, Space42’s global reach allows it to address the rapidly evolving needs of its customers in governments, enterprises, and communities.Our vision is to pioneer beyond today for humanity to experience a better tomorrow. Space42 challenges traditional approaches with advanced AI and cutting‑edge satellite technology, making space more accessible and redefining how data from space can be used on Earth. We aim to achieve this by connecting people to rewire potential, informing decisions to reimagine impact and enabling action to redefine tomorrow.For more information visit: www.space42.ai, follow us on X and Instagram @Space42aiROLE PURPOSEThe Specialist – Information Security Risk Management is responsible for identifying, assessing, monitoring, and reporting information security and technology risks across the organization. This role ensures that cybersecurity risks, third‑party/vendor risks, and technology control gaps are effectively managed in alignment with enterprise risk management frameworks, regulatory requirements, and industry best practices. The role supports governance, risk assessments, third‑party risk oversight, and continuous risk monitoring initiatives.ResponsibilitiesTechnology Risk ManagementConduct enterprise‑wide information security and technology risk assessments.Identify risks related to infrastructure, applications, cloud environments, data protection, AI, and emerging technologies.Evaluate the effectiveness of security controls and recommend remediation plans.Maintain and update the Information Security Risk Register.Perform risk analysis for new projects, system implementations, and digital transformation initiatives.Assess risks related to cloud adoption, DevOps, API integrations, and third‑party platforms.Align risk assessments with industry frameworks (e.g., ISO 27001, NIST CSF, COBIT).Track remediation activities and ensure timely closure of risk treatment plans.Prepare risk reports and dashboards for management and executive leadership.Vendor & Third‑Party Risk ManagementConduct security due diligence assessments for new and existing vendors and suppliers.Evaluate third‑party security posture through questionnaires, audits, certifications, and evidence reviews.Assess vendor compliance with contractual, regulatory, and internal security requirements.Review SOC reports, ISO certifications, penetration test reports, and audit findings.Identify and document third‑party risks related to data handling, cloud hosting, outsourcing, and managed services.Coordinate remediation plans with vendors and internal stakeholders.Monitor ongoing vendor risk through continuous assessment tools and periodic reviews.Support procurement and legal teams in embedding security clauses into contracts.Manage third‑party risk lifecycle from onboarding to termination.QualificationsMinimum 5–8 years of experience in Information Security, Technology Risk, IT Audit, or Vendor Risk Management.Strong understanding of cybersecurity principles, risk assessment methodologies, and control frameworks.Experience conducting technology risk assessments and third‑party security evaluations.Familiarity with cloud security risks (Azure, AWS) and SaaS risk considerations.Experience reviewing SOC 2 reports, ISO 27001 certifications, and penetration test results.Knowledge of regulatory requirements and data protection standards.Experience with Governance, Risk & Compliance (GRC) tools.Strong analytical, documentation, and reporting skills.Ability to translate technical risks into business impact.Bachelor’s degree in information security, Computer Science, Risk Management, or related field.Professional certifications such as: CISM, CRISC, CISSP, CISAKnowledge of quantitative risk modeling techniques.Strong stakeholder management and communication skills.Our Benefits & PerksCompetitive compensation packages and comprehensive medical insurance to support you and your family.Wellbeing‑focused initiatives and resources, designed to enhance your personal and professional life.Access to exclusive discount programs, offering savings across various lifestyle and leisure experiences across the UAE.What Makes a Great FitIf you are performance‑driven and possess an inquisitive mind with the agility to navigate ambiguity, you will th