Cybersecurity GRC Senior Manager

Job Description

Overview

Position

Cybersecurity GRC Senior Manager

Job Code

Reports to

Cybersecurity GRC Director

Direct Reports

TBD

Division

Cybersecurity GRC

Sector

NEOM Cybersecurity

Role Purpose

  • To define cybersecurity policies and procedures, develop the governance framework, monitor the implementation of the cybersecurity methodology, and identify cybersecurity governance tools across the NEOM ecosystem.
  • Manage the cybersecurity awareness and training across NEOM.
  • Manage the Cybersecurity KPIs across NEOM.
  • Manage the cybersecurity committees, working groups, and executive reporting.

Key Accountabilities & Activities

  • Review and validate cybersecurity policies and procedures ensuring alignment to leading industry standards, applicable laws, and regulations, as well as NEOM’s requirements.
  • Supervise the process of developing the governance framework and operating model in line with leading practices, laws and regulations.
  • Monitor the development and implementation of cybersecurity methodology highlighting roles and responsibilities in detecting and mitigating cyber threats on time.
  • Define cybersecurity policies and procedures in line with laws, regulations, organizational requirements, and best practices.
  • Develop and update cybersecurity governance framework based on leading practices, laws, regulations and organizational requirements.
  • Develop and maintain the Unified Cybersecurity Framework, the Risk and Control Matrix, Maturity definitions, and implementation trackers.
  • Establish a cybersecurity governance methodology to ensure that all cybersecurity activities follow a consistent and repeatable approach.
  • Specify the roles and responsibilities of concerned individuals in mitigating cyber threats in line with cybersecurity governance methodology.
  • Support in the development of cybersecurity policies and procedures through identifying latest regulations and best practices.
  • Gather information related to leading practices to support in the development of governance framework in line with regulations and organizational requirements.
  • Participate in the development of cybersecurity governance methodology and suggest improvements based on best practices.
  • Analyze strengths and weaknesses of existing cybersecurity tools, document results and suggest improvements.
  • Define, manage and monitor cybersecurity KPIs across NEOM.
  • Manage cybersecurity regular executive reporting and communication.
  • Manage cybersecurity committees and working groups.
  • Establish and maintain communication channels with stakeholders.
  • Review existing and proposed policies with stakeholders.
  • Advise on matters related to cybersecurity governance, best practices, and regulatory requirements.
  • Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
  • Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
  • Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.
  • Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.
  • Interpret and apply applicable laws, statutes, and regulatory documents and integrate into cybersecurity governance.
  • Analyze organizational cyber policy and establish alignment with other related policies.
  • Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
  • Define and integrate current and future mission environments.
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.
  • Draft, staff, and publish cyber policy.
  • Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
  • Seek consensus on proposed policy changes from stakeholders.
  • Provide policy guidance to cyber management, staff, and users.
  • Review, conduct, or participate in audits of cyber programs and projects.
  • Support in the formulation of cyber-related policies.
  • Monitor daily team activities and review developed reports to identify improvements to cybersecurity governance practices at NEOM.
  • Review conducted analysis to support in the identification of cybersecurity governance tools and ensure safety of systems across NEOM.
  • Develop regular reports and disseminate to concerned stakeholders on time.
  • Provide clear direction, prioritize tasks, assign and delegate responsibility and monitor the workflow to ensure proper governance of cybersecurity across NEOM.
  • Ensure the execution of regular cybersecurity governance reviews, ensuring the inclusion and satisfaction of stakeholders' feedback, and keep abreast of opportunities to improve cybersecurity governance.
  • Ensure periodic collaboration with relevant governance teams for improving the governance and performance of controls.
  • Lead team of cybersecurity governance professionals to design, implement and operationalize cybersecurity governance management program.
  • Provide management oversight and serve as the leadership point of contact for the cyber security governance team.
  • Provide leadership and engage with the business to support security assessments and ensure timely execution of projects and programs while mitigating any security risks.
  • Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
  • Work closely with internal groups such as Human Resources, Corporate Governance, IT Governance, Internal Audit, Privacy, Legal, and Compliance on matters of policy and risk management.
  • Develop and improve KPI/KRIs, metrics, risk register and trending.
  • Mentor, coach, and train security staff and develop their capabilities.
  • Manage and improve the function according to NEOM’s strategic objectives and growth.

Background, Skills & Qualifications

Knowledge, Skills and Experience

  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] injection, race conditions, covert channels, replay, return-oriented attacks, malicious code).
  • Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).
  • Knowledge of the organization’s core business/mission processes.
  • Knowledge of applicable laws, statutes (e.g., NCA, CST, NDMO), Royal Decrees, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
  • Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation).
  • Knowledge of strategic theory and practice.
  • Knowledge of emerging technologies that have potential for exploitation.
  • Knowledge of industry indicators useful for identifying technology trends.
  • Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).
  • Knowledge of current and emerging cyber technologies.
  • Knowledge of application security risks (e.g., the Open Web Application Security Project (OWASP) Top 10 list).
  • Experience leading and influencing cross-functional teams/projects.
  • Demonstrated customer focus – evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.
  • Strong analytical skills – strong problem-solving skills, communicates in a clear and succinct manner and effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.
  • Change oriented – actively generates process improvements; supports and drives change and confronts difficult circumstances in creative ways. Self-motivated, self-directed, flexible, and able to work under pressure and in a fast-paced team environment.
  • Demonstrated ability to lead and motivate staff and to apply skills and techniques to solve dynamic problems.
  • Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
  • Skill in preparing plans and related correspondence.
  • Strong problem solving, prioritization, presentation, and facilitation skills with the ability to make recommendations to all levels of the organization.
  • Strong functional team player with experience working seamlessly across a matrix structure.
  • Excellent interpersonal, written/verbal communication and leadership skills with the ability to make recommendations to all levels of the organization.
  • Experience with project management and execution of multiple simultaneous and/or large projects.

Qualifications & Experience

  • A Bachelor’s Degree in Computer Engineering, Computer Science, or equivalent is required.
  • Experience with various industry regulations and frameworks (ISO 27001, ISO 31000, IRM, SAMA, Personal Data Protection Laws, NCA, CST, NDMO, NIST, CIS, etc.).
  • Experience with GRC tools such as ServiceNow, Archer, etc.
  • Experience with risk tools such as BitSight, RiskRecon, SecurityScorecard, SAFE, CORL, etc.
  • Experience working in a highly regulated environment.
  • Experience or understanding of complex governance including subsidiaries and Critical National Infrastructure, and GIGA Projects.
  • Experience in developing cybersecurity controls, programs and frameworks.
  • Strong background in security controls, auditing, network, and system security.
  • Ability to express complex technical concepts in business terms.
  • Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
  • Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
  • Regularly interact with all levels of management to present and discuss control effectiveness.

Main Contacts

Internal

  • CISO
  • Cybersecurity Authority
  • Internal Audit
  • Corporate GRC
  • NEOM sectors, regions, subsidiaries, and departments
  • Risk Champions
  • Information Security Steering Committee
  • Related internal committees

External

  • NCA
  • CST
  • NDMO