Specialist - Risk Management

Specialist – Enterprise Risk Management, Core42, Abu Dhabi – UAE

About Us

Core42, a leader in AI-powered cloud and digital infrastructure, is driving transformative technology solutions globally. Leveraging advanced resources and partnerships, Core42 empowers clients to harness sovereign AI infrastructure, especially in sectors with stringent regulatory needs. With a mission to redefine digital transformation, we combine sovereign capabilities with scalable, high-performance compute infrastructure, positioning ourselves at the forefront of AI innovation in the Middle East and beyond.

The Opportunity

The Specialist – Enterprise Risk Management plays a pivotal role in strengthening Core42’s risk governance by identifying, assessing, mitigating, and monitoring strategic, operational, compliance, financial, procurement, technological, special programs (including cloud), regulatory, and emerging risks across the business. You will support the design, implementation, and continuous improvement of the Enterprise Risk Management (ERM) framework, aligned with COSO, ISO 31000, COBIT, Core42’s risk appetite, corporate governance, and regulatory requirements, including ICOFR considerations.

This role requires strong expertise in enterprise-wide risk assessment—covering business operations, strategic initiatives, projects, finance, procurement, special programs, and technology-related risks—alongside the ability to integrate risk management practices into day-to-day operations. You will collaborate with cross-functional teams to embed a strong risk culture, enable informed decision-making, and safeguard the organization’s long-term sustainability.

Your Key Responsibilities

ERM Framework & Implementation

• Support the development, operation, and enhancement of Core42’s ERM framework, policies, and procedures.
• Define and maintain the organization’s risk appetite in collaboration with key stakeholders.
• Conduct regular risk assessments, workshops, and risk register updates across business units.
  
  

• Identify, assess, and prioritise enterprise-wide risks (strategic, operational, financial, compliance, and reputational).
• Execute Technical Risk Assessments (TRAs) for products, services, and systems across infrastructure, cloud, AI, and application environments.
• Develop and monitor risk mitigation strategies, ensuring alignment with risk appetite and regulatory requirements.
  
  

• Utilise and optimise GRC platforms (e.g., ServiceNow GRC, OneTrust) to automate risk scoring, control testing, and compliance monitoring.
• Produce dashboards, heatmaps, and executive reports with actionable insights.
  
  

• Assess AI/ML risks, including data integrity, model drift, explainability, and adversarial threats.
• Align AI risk practices with frameworks such as ISO/IEC 42001 and NIST AI RMF.
  
  

• Evaluate risks in cloud-native environments (AWS, Azure) including IaaS, PaaS, GPUaaS.
• Map controls to CSA CCM, ISO 27017/27018, SOC 2, and other cloud security standards.
  
  

• Ensure compliance with ISO, NIST, COSO ERM, COBIT, and other relevant standards.
• Integrate risk findings into operational KPIs and performance reviews.
  
  

• Required Skills / Qualifications
• Bachelor’s degree in Information Technology, Risk Management, or related field (Master’s preferred).
• 8+ years of experience in enterprise risk management, information security, operational risk, and cloud governance.
• Proven ability to conduct technical risk assessments across infrastructure, applications, data centres, AI, and cloud platforms.
• Strong understanding of security frameworks (ISO 31000, 27001, ICOFR, SOC 2, COSO, COBIT).Expertise in risk reporting, stakeholder engagement, and governance processes.
• Preferred Skills / Qualifications
• Relevant certifications: CRISC, CIRM, CDPSE, ISO 31000, NIST RMF, COSO ERM, ISO 27001.
• Technical proficiency in vulnerability assessment, penetration testing, and incident response tools.
• Familiarity with AI governance and emerging technology risk management.
• Experience with automation in GRC workflows and dashboard reporting.