Cybersecurity GRC Lead

Overview

Position

Cybersecurity GRC Lead

Job Code

Reports to

Head of Cybersecurity

Direct Reports

Division/Section

Technology & Science

Department

Cybersecurity

Sector

Oxagon

Job Family

Role Purpose

We are looking for an experienced Cybersecurity Governance, Risk and Compliance professional with various technical backgrounds, preferably in industrial sectors, to help evolve, mature, and grow the Cybersecurity GRC program. This candidate will be responsible for leading the day-to-day cyber compliance, data governance, and cyber risk management functions. The role will include primary responsibility for defining, creating, and managing cyber and organizational policies and standards in support of legal and regulatory compliance needs as well as general cyber and organizational information security practices. The senior analyst will lead the implementation of GRC software solutions and collaborate with stakeholders, business analysts, process leaders, and architects in interpreting requirements and configuring them into software platform.

Key Accountabilities & Activities

Core Mandate

• Develop and implement effective Cybersecurity GRC frameworks, policies, processes, procedures, guidelines, and related documentation in compliance with Saudi and NEOM regulation requirements.
• Lead the development and implementation of system-wide risk management functions for the Cybersecurity program to ensure Cybersecurity risks are identified and monitored.
• Execute cybersecurity risk assessments and control attestation processes in GRC solutions.
• Provide Third Party Risk Management (TPRM) guidance and interpretation of rules, regulations, risk reviews, and best practices.
• Act as key technical resource in important IT Risk & GRC activities, including risk assessment, security reviews and security awareness
• Work with Internal and External Auditors as appropriate on required security assessments and audits.
  
  

Background, Skills & Qualifications

Knowledge, Skills and Experience

• Strong background in Cybersecurity domains with specific expertise in GRC frameworks.
• Familiarity with latest IT/OT /Cybersecurity GRC controls, trends, and techniques.
• Ability to create and drive GRC processes with smooth execution to meet deadlines while facing priorities shift scenarios.
• Ability to effectively communicate Cybersecurity risks and posture to senior management and other stakeholders.
• Strong analytical and problem-solving skills, with a keen attention to detail.
• Fluent in English Language with strong stakeholder engagement and relationship management skills.
• Thorough Knowledge in Saudi Cybersecurity Requirements and Regulations
  
  

Qualifications

• Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, or related fields.
• Certifications in GRC and/or Cybersecurity related topics (e.g. CISSP, CISA, CRISC, CISM, CEH, GIAC, SSCP, etc.) are highly recommended.
• A minimum of 3 years of experience in cybersecurity with focus on policy creations, risks assessments, and other GRC operations.
• Demonstrable history of continued professional development, including attending relevant conferences, workshops, or training sessions in the field of GRC and/or Cybersecurity.
• Experience in conducting risk assessments and preparing and analyzing relevant GRC reports.
  
  

COMMUNICATION - MAIN STAKEHOLDERS

Internal

External

• Directors
• Oxagon BUs
• NEOM Tech and Science team
• External partners
• Consultancy firms

---