About the job
Overview
Position: Cybersecurity GRC Lead
Role Purpose:
We are looking for an experienced Cybersecurity Governance, Risk and Compliance professional with various technical backgrounds, preferably in industrial sectors, to help evolve, mature, and grow the Cybersecurity GRC program. This candidate will be responsible for leading the day-to-day cyber compliance, data governance, and cyber risk management functions. The role will include primary responsibility for defining, creating, and managing cyber and organizational policies and standards in support of legal and regulatory compliance needs as well as general cyber and organizational information security practices. The senior analyst will lead the implementation of GRC software solutions and collaborate with stakeholders, business analysts, process leaders, and architects in interpreting requirements and configuring them into software platform.
Key Accountabilities & Activities:
Core Mandate:
- Develop and implement effective Cybersecurity GRC frameworks, policies, processes, procedures, guidelines, and related documentation in compliance with Saudi and NEOM regulation requirements.
- Lead the development and implementation of system-wide risk management functions for the Cybersecurity program to ensure Cybersecurity risks are identified and monitored.
- Execute cybersecurity risk assessments and control attestation processes in GRC solutions.
- Provide Third Party Risk Management (TPRM) guidance and interpretation of rules, regulations, risk reviews, and best practices.
- Act as key technical resource in important IT Risk & GRC activities, including risk assessment, security reviews and security awareness.
- Work with Internal and External Auditors as appropriate on required security assessments and audits.
Background, Skills & Qualifications:
Knowledge, Skills and Experience:
- Strong background in Cybersecurity domains with specific expertise in GRC frameworks.
- Familiarity with latest IT/OT /Cybersecurity GRC controls, trends, and techniques.
- Ability to create and drive GRC processes with smooth execution to meet deadlines while facing priorities shift scenarios.
- Ability to effectively communicate Cybersecurity risks and posture to senior management and other stakeholders.
- Strong analytical and problem-solving skills, with a keen attention to detail.
- Fluent in English Language with strong stakeholder engagement and relationship management skills.
Qualifications:
- Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, or related fields.
- Certifications in GRC and/or Cybersecurity related topics (e.g. CISSP, CISA, CRISC, CISM, CEH, GIAC, SSCP, etc.) are highly recommended.
- A minimum of 3 years of experience in cybersecurity with focus on policy creations, risks assessments, and other GRC operations.
- Demonstrable history of continued professional development, including attending relevant conferences, workshops, or training sessions in the field of GRC and/or Cybersecurity.
COMMUNICATION - MAIN STAKEHOLDERS
Internal:
- Directors
- Oxagon
- BUs
- NEOM Tech and Science team
External:
- External partners
- Consultancy firms
