Job Purpose:
Responsible for overseeing, assessing, and documenting Governance, Risk and Compliance requirements that specifically require intervention and participation from the IT Department across its various Units. Provide highly skilled technical and functional expertise for the development and implementation of the Cybersecurity GRC functions and Program.
Principal Accountabilities:
Policies, Processes & Procedures
- Adhere to organizational policies and procedures to ensure compliance and maintain a productive work environment.
- Implement and uphold the security protocols to protect the well-being of all employees and company assets.
- Comply with the standards and controls issued by the National Cybersecurity Authority (NCA), SDAIA, NDMO, in all relevant tasks and responsibilities.
Main Areas of Responsibility
- Supervise and monitor IT environments and related functions to ensure compliance with applicable security policies, standards, and regulatory requirements, including effective implementation of Segregation of Duties (SoD).
- Supervise the detection of deviations from established security policies, procedures, and role mappings; analyse findings and report discrepancies to management for timely remediation.
- Supervise and monitor IT environments and related functions to ensure compliance with organizational policies and regulatory requirements.
- Supervise and prepare plans and ensure the completion of deliverables related to Findings as required.
- Supervise and assign tasks and issues related to Findings / Observations from Control Functions as required, and monitor to ensure progress and timely completion.
- Supervise and interact with Audit, Risk and Compliance Functions within NCA, i.e. First-Point-of-Contact for Control Functions within IT Unit.
- Supervise and maintain the IT Risk Register and IT Risks appropriately in order to minimize impacts on IT operations, delivery of functionality, costs or timeframes.
- Supervise all IT Audit Findings (Internal / External) and follow up for closure in coordination with related IT Units and other Departments, HQ, Branches.
- Supervise work with the Internal Audit Team and External Audit consultants as appropriate on required IT Assessments and Audits.
- Supervise and track all IT and Security related audits, including scope of audits, timelines, and outcomes.
- Supervise the provision of guidance, evaluation and advocacy on audit responses.
- Support the creation of governance policies, procedures, guidelines, and SOPs.
- Collaborate with various departments to implement and maintain governance frameworks.
- Participate in internal and external assessments to ensure continual improvement of governance and compliance initiatives.
- Review and validate the user Access Review for IT financial systems.
- Prepare documentation and evidence for internal and external audits for NCA, ISO, PDPL, NDMO, SDAIA.
- Ensure incident handling aligns with policies and procedures.
- Support security awareness and policy training programs for IT and business units.
- Provide compliance guidance to application owners, system admins, and stakeholders.
- Perform regular control and risk management, and gap analysis on IT and cybersecurity controls.
Skills and Competencies:
- Well versed in the Laws and Regulations of the National Cybersecurity Authority such as: NCA IT Governance Framework, NCA Cybersecurity Framework, (BCM) Framework, PDPL, ISO 27001
- IT Policies and Procedures Lifecycle Management
- Project Management Methodologies
- Familiarity with audit and compliance reports
Requirements:
- Bachelor's Degree in Computer Science, IT or equivalent
- Preferred Certifications in Risk and Information Systems Control, ISO/IEC 27001 Lead Implementer Auditor
- 3 – 4 years of relevant experience
- Experience in quality and process improvement projects