Cybersecurity GRC Manager

• Strategic planning and oversight of Cybersecurity GRC program
• Managing members of the Cybersecurity GRC team
• Working closely and collaborating with other Cybersecurity functions
• Ensuring cybersecurity compliance with regulatory requirements (NCA, NDMO, etc.)
• Developing and maintaining the cybersecurity governance framework, including policies, procedures, standards, etc.
• Establishing cybersecurity standards and baselines
• Procedure documentation, policy communication, policy enforcement, policy reviews/updates
• Cybersecurity risk asssessments
• Risk mitigation strategies
• Risk register
• Third party cybersecurity risk assessment
• Cybersecurity awareness training
• Working closely with Audit to conduct cybersecurity audits
• Building and managing relationships with senior stakeholders across the organisation

• At least a Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a relevant field of study (Master's would be an advantage)
• Relevant cybersecurity certifications (CISSP, CISM, CRISC, CISA, etc.)
• 6+ years of experience in cybersecurity, governance, risk management, and compliance roles
• Previous experience in leading Cybersecurity GRC programs within large, complex organisations
• Strong knowledge of Saudi regulatory requirements related to cybersecurity such as NCA, NDMO, CST, etc.
• Deep understanding of cybersecurity risk management, threat landscapes, vulnerabilities, and attack vectors
• Familiarity with cybersecurity governance frameworks such as NIST Cybersecurity Framework, ISO 27001, etc.
• Ability to lead and motivate a team
• Ability to work in a fast-paced organisation with ever-changing cybersecurity requirements
• Ability to interact with stakeholders from different departments and across all levels of the organisation
• Ability to simplify and articulate complex Cybersecurity GRC matters
• Strong written/verbal communication skills
• Based in/willing to relocate to Tabuk region

Michael Page