Industrial Cybersecurity Governance, Risk, and Compliance Manager

Neom - Saudi - NEOM

OVERVIEW

Position: Industrial Cybersecurity Governance, Risk, and Compliance Manager
Job Code:
Reports to: Fahad Alqahtani
Direct Reports: None
Division/Section: Critical Infrastructure Protection (CIP)
Department: Cybersecurity
Sector: NEOM GRC
Job Family:

Role Purpose

The Industrial Cybersecurity Governance, Risk, and Compliance Manager is responsible for overseeing the cybersecurity risks associated with industrial environments, such as manufacturing plants, power plants, and other critical infrastructure facilities. The role encompasses a range of responsibilities to ensure the security and integrity of industrial control systems (ICS), operational technology (OT), and Internet of Things (IoT) devices.

KEY ACCOUNTABILITIES & ACTIVITIES

Governance Development:

  • Develop, implement, and maintain a robust OT governance framework that aligns with overall business strategies and corporate governance policies.
  • Establish OT-specific policies, standards, and procedures that guide and control the organization’s operational technology practices.

Risk Management:

  • Lead comprehensive risk assessments to identify vulnerabilities and threats to OT systems.
  • Implement risk management strategies and mitigation plans to address identified risks and ensure they are managed within acceptable tolerance levels.
  • Conduct regular reviews and updates of risk management protocols to adapt to new technologies, processes, or changes in the threat landscape.

Compliance Oversight:

  • Oversee and ensure adherence to all applicable local, national, and international regulatory requirements and standards that affect OT systems.
  • Regularly audit OT systems and practices to ensure compliance, documenting findings and implementing corrective actions as needed.
  • Stay abreast of changes in regulatory environments and update compliance strategies accordingly.

Security Enhancements:

  • Collaborate with IT and cybersecurity teams to integrate state-of-the-art cybersecurity technologies and best practices with operational technology systems.
  • Develop and oversee the implementation of security projects that enhance the resilience of OT systems against cyber threats.

Stakeholder Engagement:

  • Act as the primary point of contact for OT governance, risk, and compliance within the organization, ensuring clear communication and reporting lines.
  • Prepare and deliver detailed reports and presentations to senior management and board members on OT risk and compliance statuses, strategies, and improvements.
  • Engage with external stakeholders including regulators, partners, and industry groups to ensure alignment and compliance with external standards and practices.

Team Leadership:

  • Lead, mentor, and develop the OT governance, risk, and compliance team, fostering a culture of continuous improvement and professional growth.
  • Manage resource allocation and team performance, setting clear goals and expectations, and providing regular feedback.

BACKGROUND, SKILLS & QUALIFICATIONS

Knowledge, Skills, and Experience

The ideal candidate will possess an in-depth understanding of industrial control systems including SCADA, PLCs, and other OT technologies. This role requires at least 15 years of substantial experience in risk management, compliance, or governance, specifically in operational technology settings, as well as a thorough knowledge of relevant industry regulations and standards. Strong analytical skills are essential for identifying and mitigating risks in complex systems and environments. The candidate must have excellent communication skills to effectively articulate complex issues to both technical and non-technical stakeholders and should demonstrate proven leadership abilities to guide and develop a diverse team. The ability to navigate and manage cross-functional collaborations is also crucial for success in this role.

Qualifications

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related field. A master’s degree in a relevant field is advantageous.

Certifications relevant to cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Industrial Cyber Security Professional (GICSP), Certified Ethical Hacker (CEH), or other specialized certifications such as ISA/IEC 62443.

COMMUNICATION - MAIN STAKEHOLDERS

Internal:

  • Cybersecurity Department
  • Cybersecurity Authority
  • Tonomus and Corporate IT
  • Internal Audit
  • Corporate GRC
  • NEOM sectors, regions, subsidiaries, and departments
  • Risk Champions
  • Executive Committee
  • Cybersecurity Steering Committee
  • Policy Review Committee
  • Related internal committees

External:

  • NCA
  • External Audit

VERSION TRACKING

Version:
Prepared by: Mohammad Baroom (Date:)
First Review by: (Date:)
Second Review by: (Date:)
Evaluation: (Date:)
Approved by: Name (Title)
Signature:
Date:

Post date: 29 Safar 1446 - Today
Publisher: Neom Jobs