Cybersecurity GRC Manager - Golf Saudi

Job brief:

The Cybersecurity GRC Manager is responsible for establishing and maintaining an effective cybersecurity governance risk management and compliance framework within an organization. They play a critical role in ensuring that the organizations cybersecurity practices align with industry standards regulatory requirements and internal policies.

Functions and Responsibilities:

• Develop and implement cybersecurity governance frameworks policies and procedures to ensure compliance with applicable laws regulations and industry standards.
• Collaborate with key stakeholders such as legal IT and business units to ensure cybersecurity initiatives align with the organizations overall strategic objectives.
• Conduct cybersecurity risk assessments to identify assess and prioritize cybersecurity risks and vulnerabilities.
• Develop and maintain risk management frameworks and methodologies to effectively manage and mitigate identified risks.
• Collaborate with IT teams and business units to develop and implement risk mitigation strategies controls and action plans.
• Monitor and track risk mitigation activities to ensure timely implementation and effectiveness.
• Provide guidance and support to business units in conducting risk assessments specific to their operations systems and processes
• Monitor and ensure compliance with relevant cybersecurity laws regulations and industry standards (e.g. GDPR NCA ISO 27001).
• Conduct internal compliance reviews and assessments to identify gaps and areas requiring improvement.
• Develop and deliver cybersecurity training and awareness programs to promote compliance and best practices among employees.
• Implement and manage GRC tools and technologies to streamline and automate GRC processes.

Qualifications:

• Bachelors / masters degree in cybersecurity risk management information systems or a related field.
• Minimum of (57) years of related experience.
• Professional certifications such as Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) are highly desirable.
• Extensive experience in cybersecurity GRC risk management or compliance roles.
• Strong knowledge of cybersecurity laws regulations and industry standards such as NCA controls.

Skills:

• Strong Understanding of Cybersecurity GRC
• Proficiency in understanding and applying relevant regulatory requirements industry standards (such as NIST ISO 27001 and NCA controls and frameworks is vital.
• Governance and Policy Development.
• Strong communication skills are necessary to effectively communicate complex cybersecurity and compliance concepts to both technical and nontechnical stakeholders.