Cyber Security GRC Manager
Division: Risk Management
Department: Information Security
Purpose and Summary:
– To primarily ensures that an organization’s cybersecurity efforts are well-governed, risks are managed, and compliance with regulations and standards is maintained.
– To ensure the operational environment remains secured, managing risk to acceptable level by analyzing risk probability, impact and prioritizing control implementation.
Duties & Responsibilities:
– Develop and maintain security governance frameworks such as NIST, ISO 27001, and COBIT to guide the organization’s cybersecurity efforts.
– Create and enforce cybersecurity policies, procedures, and standards that align with business goals.
– Oversee security awareness programs to ensure employees understand and follow security policies and best practices.
– Maintain MIS Trackers, Reports and Dashboards for the management.
– Perform Information security risk assessment against industry standard security framework/policies for IT/IS risks
– Evaluate and recommend controls to mitigate identified risks and ensure they are effectively implemented.
– Maintain a risk register to document risks, assess their impact, and track mitigation efforts.
– Work closely with the incident response team to ensure risks are promptly addressed, and lessons learned are applied for future preparedness
– Assess and monitor the security posture of third-party vendors to ensure compliance with internal policies and external regulations.
– Lead or assist in internal and external cybersecurity audits and compliance, ensuring all security practices meet the required standards.
– Collaborate with the security operations and security assessment team to identify and address real-time threats and ensure that governance and risk management frameworks are adaptable to evolving threats.
– Develop and report on program execution KPIs to the ISWG (IS workgroup) on monthly, quarterly and annual basis.
– Maintain the CBO, SWIFT & PCI-DSS compliance tracking. Produce the reports and dashboard. Ensure and share the report and dashboards with the ISWG (IS Workgroup) on monthly, quarterly and annual basis. Ensure timely closure, escalation of the action items and track / record activities in auditable format
– Define and track key performance indicators (KPIs) and metrics to measure the effectiveness of cybersecurity governance, risk, and compliance programs.
– Provide detailed reports on the cybersecurity risk posture, compliance status, and any remediation efforts to executive leadership and stakeholders
– Logs all InfoSec related Incidents and track for closure of the incidents – manage and maintain Incident log Register
– Liaise with different entities on security events such CBO, CDC. Etc.
– Liaise with different team members to deploy security controls recommended by vendors and Information security team.
– Participate in information security related initiatives and projects as assigned or other duties as assigned.
– Ensure alignment with regulatory and compliance frameworks.
Experience & Technical Skills Required:
– 6 to 12 years of relevant experience.
– Leadership Skills
– Effective Communication skills.
– Strong Risk Analysis skills.
– Attention to Details.
– Problem-Solving skills.
– Coordination skills.
– Teamwork skills.
– Reporting skills.
– Research skills
– Assessment skills.
– Sound Arabic & English Languages skills
Qualification:
– Degree in Information Security/IT or equivalent.
– Preferred Professional Information Security Certification or equivalent.
– ITIL v3(Information Technology Information Library)
– ISO/IEC 2013:27001 Lead Implementer
– ISO/IEC 2013:27001 Lead Implementer
– CEH (Certified Ethical Hacking)
– CISM (Certified Information Security Manager)
Deadline of submitting the applications on 30/09/2024