IMI1955 - Division Head GRC

  • Job Family
    Information Security
  • Contract Type
    Direct
  • Location
    Ras Al Khair, Saudi Arabia
  • Business Line
    Cybersecurity
  • Department
    Information Security
  • Closing Date
    30-Sep-2024
JOB PURPOSE / OBJECTIVE

Develop and implement business applications, systems, and procedures within recognized fields of Information Technology (IT) endeavors as detailed.

KEY ACCOUNTABILITIES

• Enhance or develop cybersecurity GRC framework, policies, and procedures.

• Implement, maintain, and support cybersecurity GRC policies, and procedures.

• Work with cross-functional teams to assess security vulnerabilities and process deficiencies to develop effective mitigation strategies, also track and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance.

• Develop and maintain regular cybersecurity awareness training to ensure all staff members are knowledgeable with the organization’s cybersecurity policies, procedures, and standards.

• Improve security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.

• Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts.

• Develop and work on a risk strategy that identifies and classifies risks, defines appropriate tolerances, and prioritizes mitigation activities in line with compliance requirements.

• Consolidate data analysis of key GRC risk information, including the cyber risk register, policy exceptions, audit findings, and data security reviews.

• Lead and manage comprehensive risk assessments and risk action plans.

• Lead and manage NCA and other regulatory compliance requirements.

• Develop and mentor the GRC team members.

• Develop and manage project proposals, resources, and plans.

• Perform any other related duties as required or assigned.

QUALIFICATIONS & EXPERIENCE

Education

• Bachelor of Science (BS) or bachelor’s degree in Computer Science, Management Information Systems (MIS), Engineering, Physical Sciences, or equivalent.

Professional Qualifications (Certifications & Accreditations)

• IT industry-accredited and related certifications, e.g., ITIL, CCSP, CEH, CISA, CISM.

Competencies (Knowledge, Skills & Abilities)

• Proficient with information security and GRC systems, applications, and tools.

• Proficient with frameworks and standards associated with information security/GRC, such as ISO 27001, NIST, ISO 38500, and COBIT 5.

• Familiar with frameworks and standards associated with IT, such as ITIL and ISO 20000.

Experience

• At least 9 to 15 years in information security and GRC.

Languages

• Thoroughly proficient in both verbal and written English.

WORKING RELATIONS

Internal Interactions

• Frequent contact with Senior Analysts for direction and guidance, and with customers for review and evaluation of application requirements.

External Interactions

• Frequent contact with vendors for product information, and Information Technology (IT) project status.

About Application Process

If you meet the criteria and are enthusiastic about the role, we would welcome your application. To complete the application you will need the following document(s):

  1. Resume/CV