Information Security GRC Lead Specialist

Zakat, Tax and Customs Authority


Date: 1 week ago
City: Riyadh
Contract type: Full time
Purpose of Job

Jobholders at this level may be regarded as a source of expertise and are responsible for developing frameworks, policies and operational plans. They also analyze complex issues, understand business needs, bring together multiple concepts and translate them into tangible actions and support to enhance performance of the function. They are responsible for developing, maintaining, and publishing up-to-date information security policies, standards and guidelines and overseeing the approval, training, and dissemination of security policies and practices.

Job Responsibilities

Information Security Governance


  • Set information security policies and standards and develop related processes accordingly, ensuring alignment with cybersecurity regulatory requirements
  • Design information security procedures and frameworks to ensure consistency in the implementation of security controls
  • Develop information security, governance, risk and compliance programs for effective management of IT and security risks, meeting compliance requirements
  • Prepare cybersecurity awareness programs and develop an education plan including workshops, seminars, etc. regarding standards, policies and governance processes to foster attentiveness and knowledge in cybersecurity topics across ZATCA’s employees


Information Security Risk Management


  • Conduct cybersecurity risk assessments to identify potential risks and related daily changes, initiating the development of the needed mitigation plan
  • Develop risk mitigation and remediation plans to effectively manage risk in accordance with ZATCA’s risk appetite
  • Manage cybersecurity risks and the risk register to identify, log and track potential risks, ensuring compliance with cybersecurity standards and governance policies and procedures
  • Follow up on the implementation of corresponding mitigating controls as per the set plan, ensuring the risk register is updated
  • Conduct risk assessments for the non-conformities identified during security audits and recommend the needed improvement actions for protection and detection capabilities


Information Security Compliance


  • Perform information security audits, semiannual assessments against NCA and annual assessments against ISO 27001 to recognize patterns and cases of non-compliance with cybersecurity policies and recommend areas of improvement accordingly
  • Manage non-compliance cases, improving business processes and operations by supporting external assessments against the NCA framework
  • Develop periodic report consolidating the status of information security compliance and report it with regulates (ISO 27001 & NCA)


Organization and Operations


  • Follow all relevant policies, processes and standard operating procedures so that work is carried out in a controlled and consistent manner
  • Help in solving escalated problems and provide needed support for the junior team to ensure work is carried out in an efficient manner
  • Escalate complex problems to the relevant person to ensure cases/issues are closed properly
  • Perform other duties as requested


People Management


  • Train junior staff on the different job activities to ensure transfer of know-how, when applicable
  • Provide clear direction, prioritize tasks, assign and delegate responsibility, and monitor the workflow of subordinates/junior staff
  • Support junior staff or direct reports in order to execute their duties according to set policies and processes


Job Details

Communication and Contacts

Education


  • Bachelor’s degree in Science in Cybersecurity or equivalent is required
  • Master’s degree in Cybersecurity or equivalent is preferred


Experience

A minimum of 4 years of relevant experience

Competencies

Cybersecurity Incident and Investigation - Advanced

IT Operations Management - Advanced

Professionalism - Proficient

Project Management - Advanced

Communication - Proficient

Results Oriented - Proficient

Information Security - Advanced

IT Compliance - Advanced

Customer Focus - Proficient

Vendor Management - Advanced

Change Enabler - Proficient
