About Tibah:
Tibah Airports Operation Company manages and operates Prince Mohammed Bin Abdulaziz International Airport in Madinah as the first private company to manage and operate an airport in Saudi Arabia. Tibah has been operating Madinah Airport 24/7 since mid-2012, serving more than 10 million passengers per year.
Prince Mohammed Bin Abdulaziz International Airport is the gateway to Madinah where millions of passengers and pilgrims use our terminals year-round to connect with people and places around the world. Tibah is committed to providing the best airport services that meet global standards and cater to the diverse needs of its customers.
Job Purpose:
The Cybersecurity GRC Specialist is responsible for supporting the organization’s cybersecurity governance, risk management, and compliance (GRC) activities. The role ensures that cybersecurity strategies, policies, standards, and controls are effectively implemented, monitored, and aligned with regulatory, operational, and business requirements, including IT and OT/ICS environments.
Main Duties and Responsibilities:
Manage and oversee the implementation of cybersecurity strategies, policies, standards, and procedures across the organization. Conduct cybersecurity risk assessments to identify threats, vulnerabilities, and risks across IT and OT/ICS environments. Develop, track, and monitor cybersecurity risk treatment and mitigation plans, ensuring timely remediation of identified risks. Ensure IT activities, processes, and procedures comply with approved cybersecurity policies, standards, and regulatory requirements. Identify, document, review, and periodically update cybersecurity policies and procedures, including those related to OT/ICS infrastructure. Support cybersecurity compliance with applicable laws, regulations, standards, and frameworks. Support cybersecurity functions in integrating security requirements into new and changed systems, services, and projects. Provide GRC advisory support to IT, OT, and business stakeholders to ensure secure and compliant operations. Prepare periodic cybersecurity compliance and risk status reports and present updates to the Cybersecurity Manager. Monitor the overall cybersecurity compliance posture and recommend improvements where gaps are identified. Implement and support cybersecurity training and awareness programs to promote a strong security culture. Support internal and external cybersecurity audits, assessments, and reviews. Stay informed about emerging cybersecurity risks, threats, and regulatory changes relevant to airport and critical infrastructure environments. Perform other related cybersecurity GRC duties as assigned.
Qualifications, Experience & Skills:
Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. Experience: Minimum of 3 years of overall cybersecurity-related experience.1–2 years of hands-on experience in Cybersecurity GRC roles. Experience in regulated environments, critical infrastructure, or airport operations is an advantage. Strong knowledge of cybersecurity domains and best practices. Excellent knowledge of Governance, Risk, and Compliance (GRC) frameworks and program management. Good understanding of cybersecurity incident management practices. Familiarity with cybersecurity standards and frameworks (e.g., ISO 27001, NIST, CIS). Understanding of IT and OT/ICS security concepts.