IMI1955 - Division Head GRC

Job Family: Information Security
Location: Ras Al Khair, Saudi Arabia
Business Line: Cybersecurity
Department: Information Security
Closing Date: 31-Aug-2024

Develop and implement business applications, systems, and procedures within recognized fields of Information Technology (IT) endeavors as detailed.


• Enhance or develop cybersecurity GRC framework, policies, and procedures.

• Implement, maintain, and support cybersecurity GRC policies and procedures.

• Work with cross-functional teams to assess security vulnerabilities and process deficiencies and develop effective mitigation strategies; track and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance.

• Develop and maintain regular cybersecurity awareness training to ensure all staff members are knowledgeable about the organization’s cybersecurity policies, procedures, and standards.

• Improve security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.

• Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts.

• Develop and work on a risk strategy that identifies and classifies risks, defines appropriate tolerances, and prioritizes mitigation activities in line with compliance requirements.

• Consolidate data analysis of important GRC risk information, including the cyber risk register, policy exceptions, audit findings and data security reviews.

• Lead and manage comprehensive risk assessments and risk action plans.

• Lead and manage NCA and other regulatory compliance requirements.

• Develop and mentor the GRC team members.

• Develop and manage project proposals, resources, and plans.

• Perform any other related duties as required or assigned.



• Bachelor of Science (BS) OR bachelor’s degree in computer science, Management Information Technology (MIS), Engineering, Physical Sciences or equivalent.

Professional Qualifications (Certifications & Accreditations)

• IT industry-accredited and related certificates, e.g., ITIL, CCSP, CEH, CISA, CISM.

Competencies (Knowledge, Skills & Abilities)

• Proficient with information security and GRC systems, applications, and tools.

• Proficient with frameworks and standards associated with information security/GRC such as ISO 27001, NIST, ISO 38500, COBIT 5.

• Familiar with frameworks and standards associated with IT like ITIL, ISO 20000, etc.


• At least 9-15 years in information security and GRC.


• Thoroughly proficient in both verbal and written English.


Internal Interactions

• Frequent contact with Senior Analysts for direction and guidance, and with customers for review and evaluation of application requirements.

External Interactions

• Frequent contact with vendors for product information, and Information Technology (IT) project status.

About Application Process
If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application, you will need the following document(s):
1. Resume/CV