Conducts risk assessments, collecting and analyzing documentation, statistics, reports, and market trends.
Establishes policies and procedures to identify and address risks in the organizations services and departments and to support the operations BCM process (including Business Impact Analysis, Crisis Response and Recovery Playbooks).
Reviews and assesses risk management policies and protocols, makes recommendations and implements modifications and improvements.
Recommends and implements risk management solutions such as insurance, safety and security policies, business continuity plans, or recovery measures.
Work closely with key collaborators to establish risk appetite and tolerance thresholds to be applied to risk-based decision-making and to develop and manage robust Business Continuity Plans (BCP) and mitigation strategies.
Provide risk management and assessment support where needed across the organization
Drafts and presents risk reports and proposals to executive leadership.
Develops and maintains a business recovery plan and procedure; reviews, revises, and expands existing plans and protocols.
Conducts risk assessments for various departments and functions, analyzing potential business impact of unpredictable business interruptions such as natural disasters, security breach, legal claims, and market disruptions.
Own the planning for the execution of testing exercises involving all levels of the organization for critical business functions/processes.
Collaborates with IT staff to develop and implement best practices to protect and restore data and systems in the event of natural disasters, viruses, and hackers.
Identifies and implements recovery operations and methods to allow the company to function at limited or partial capacity in the event that part or all of the infrastructure is damaged or destroyed.
Creates and facilitates exercise plan execution.
Develops and provides staff training on risk management and disaster recovery.
Works with Quality, health, safety, and security department and local, state, and regulatory agencies to align the organizations emergency management plan with established best practices and standards.
Work closely with the risk champions and continuously updating the risk registers.
Develop and deploy training programs to build risk management capability and process adherence across the organization
Perform other job-related duties as assigned.
Perform other duties related to the job and/or the operation of the company, in accordance to the regulations of the Saudi Labor of Law.
Adherence to Cybersecurity policies and procedures.
Dealing with data and information according to their level of classification.
Avoid violating the rights of any person or company protected by copyrights, patents, or any other intellectual property, or similar laws or regulations.
Compliance with Cybersecurity requirements related to the protection of user devices, Internet, software, systems, and Email requirements.
Adhere to the acceptable use policy and Using CATRION information and technical assets only for business purposes.
Obtaining the required permit from the security department or the owner of the authority in CATRION before hosting visitors in the company's specific sensitive sites.
