About the Job
The Cybersecurity GRC Director is responsible for overseeing the organization’s cybersecurity governance frameworks, risk management processes, and compliance initiatives. This role will develop and implement Cybersecurity Governance, Risk Management, and Compliance (GRC) strategies, policies, and procedures in alignment with KSA regulatory requirements, industry standards, and best practices. Key responsibilities include establishing risk mitigation strategies, monitoring changes in the regulatory landscape, and ensuring cybersecurity compliance across all business units and functions.
Responsibilities
- Cybersecurity Governance Frameworks: Create and implement governance frameworks, policies, and procedures that align with industry best practices and regulatory requirements, ensuring they are comprehensive and tailored to the organization’s needs.
- Governance Structures: Establish and maintain governance structures that define roles, responsibilities, and decision-making processes related to cybersecurity while facilitating clear communication channels.
- Compliance Management: Ensure compliance with relevant regulations, standards, and frameworks. Conduct regular compliance assessments and adjust governance policies as needed based on regulatory changes.
- Risk Assessment and Management: Conduct risk assessments to identify and prioritize cybersecurity risks. Develop strategies and controls for risk mitigation and regularly monitor and update management plans.
- Policy Development and Implementation: Develop and implement cybersecurity policies, ensuring effective communication and consistent enforcement among stakeholders.
- Security Awareness and Training: Create and deliver training programs to promote cybersecurity awareness among employees and stakeholders, instilling adherence to governance frameworks.
- Incident Response Planning: Guide the development of incident response plans to effectively manage cybersecurity incidents and ensure timely responses.
- Vendor Risk Management: Assess and manage risks associated with third-party vendors, establishing processes to evaluate their security posture and compliance.
- Governance Reporting and Communication: Generate reports for senior management and stakeholders regarding the organization’s cybersecurity activities, compliance status, and overall risk posture.
- Continuous Improvement: Evaluate and enhance the effectiveness of governance frameworks and stay updated on emerging cybersecurity trends and regulatory changes.
- Collaboration and Stakeholder Management: Collaborate with cross-functional teams to ensure alignment and integration of cybersecurity governance efforts while fostering relationships with internal and external stakeholders.
- Industry and Regulatory Awareness: Stay informed about industry trends, emerging threats, and changes in regulations, participating in professional development and industry forums.
Minimum Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field; a Master’s degree is preferred.
- Professional certifications such as CISSP, CISM, CRISC, or CGEIT.
- At least 12 years of experience in a cybersecurity role within a technology company, including a minimum of 3 to 4 years in progressive leadership roles that involved developing and implementing governance policies and procedures, together with a strong understanding of the KSA business and regulatory environment.