OVERVIEW
NEOM is an accelerator of human progress and a vision of what a new future might look like. A region in northwest Saudi Arabia on the Red Sea, NEOM is being built from the ground up to include hyperconnected, cognitive cities, ports, next-generation infrastructure and industries, enterprise zones, research centers, sports and entertainment venues, and tourist destinations.
As a destination, it will be a home for people who dream big and want to be part of building a new model for exceptional livability, creating thriving businesses and reinventing environmental conservation.
As a workplace, it is a place for people who share our core values of care, curiosity, diversity, passion, respect, and becoming a catalyst for change.
Are you ready to help NEOM find solutions to the world’s most pressing challenges? Are you prepared to create a lasting legacy that benefits generations to come? Then we want to hear from you!
ROLE OVERVIEW
To direct the cybersecurity activities associated with Cybersecurity Management, Cybersecurity Policies and Procedures, Cybersecurity Roles and Responsibilities, Cybersecurity Risk Management, Compliance with Standards, Laws and Regulations, Supply Chain and Third-party Cybersecurity, Cybersecurity in Human Resources, Cybersecurity Resilience Aspects of Business Continuity Management (BCM), Periodical Cybersecurity Review and Audit, Physical Security, Vulnerability Management and Penetration Testing to support the secure achievement of NEOM's business goals within relevant laws and regulations.
Key Responsibilities:
Company-wide Responsibilities
- Ensure the implementation of cybersecurity GRC processes in accordance with company-wide strategies.
- Ensure the implementation of cybersecurity activities in line with other functions and with Subsidiaries.
- Ensure appropriate support is provided to the organization to enhance NEOM cybersecurity resilience and maturity.
- Work closely with senior leaders in other departments and with external stakeholders to raise awareness of cybersecurity risks and challenges, and support their management through integration into project design and delivery in relation to the values of NEOM.
Planning and Strategy
- Coordinate with senior leadership of the organization to ensure that authorization decisions consider all factors necessary for mission and business success, including cybersecurity risks and challenges.
- Ensure appropriate data is collected and maintained to meet defined cybersecurity reporting requirements.
- Ensure that appropriate reporting is provided to senior management as necessary.
People Management
- Take responsibility for building and maintaining a high-performance team, ensuring effective teamwork and communication across the Cybersecurity GRC function.
- Support the management of talent acquisition, retention, and succession planning within the Cybersecurity GRC function.
- Set performance objectives, provide necessary support, evaluate/appraise staff and provide regular feedback on performance.
- Lead and mentor the teams under the Cybersecurity GRC function, fostering a culture of continuous learning and professional development.
- Ensure that appropriate resources are allocated to meet the organization's cybersecurity requirements.
- Foster a working environment and culture that supports, develops, and promotes equality and diversity.
Budgeting and Financials
- Support the CISO in managing the budget, ensuring optimal allocation of resources.
- Manage financial aspects of cybersecurity, including budgeting and resourcing.
Function-specific Responsibilities
Cybersecurity Policies and Strategy Alignment
- Lead the development, regular review, and maintenance of cybersecurity policies and associated documentation, ensuring alignment with organizational cybersecurity strategy, business objectives, enforceable laws, statutes, and regulatory requirements.
Policy Implementation and Guidance
- Provide clear policy guidance to cybersecurity management, staff, and users, monitoring the effective implementation and application of cybersecurity policies, principles, and practices within planning and management services.
Cybersecurity Roles and Responsibilities
- Supervise resource allocation to cybersecurity roles, oversee periodic review and updates of cybersecurity responsibilities, and ensure standardized position descriptions are developed and maintained in alignment with established cybersecurity workforce roles.
Risk, Compliance, and Assurance Monitoring
- Oversee the development and implementation of methods for effectively monitoring and measuring cybersecurity-related risks, compliance, and assurance activities across the organization’s critical infrastructure.
Cybersecurity Risk Management
- Define, document, approve, and oversee implementation of cybersecurity risk management methodologies, ensuring periodic reviews, alignment with legal requirements, and risk assessments for technology projects, infrastructure changes, third-party engagements, and new services.
- Establish and manage a comprehensive risk management strategy, determining risk tolerance, developing mitigation strategies, and overseeing continuous monitoring using appropriate tools.
- Assign roles clearly within the Risk Management Framework and supervise ongoing internal and external cybersecurity risk assessments and updates.
- Provide leadership to ensure cybersecurity risks are properly identified, documented, and managed through robust governance processes aligned with the organizational risk appetite.
Compliance with Cybersecurity Standards, Laws, and Regulations
- Monitor and support compliance with cybersecurity legislation, regulations, and organizational directives, providing periodic reviews of strategies, policies, and third-party contracts.
- Supervise the identification and resolution of cybersecurity incidents and vulnerabilities, ensuring alignment with financial, legal, contractual, and regulatory requirements.
- Evaluate cybersecurity defense policies and configurations, recognizing patterns of non-compliance, and recommending improvements.
- Collaborate with stakeholders to ensure continuous compliance monitoring and remediation, addressing cybersecurity aspects effectively within the organization and third-party services.
Periodical Cybersecurity Review and Audit
- Oversee cybersecurity compliance processes and audits for internal systems and third-party services, maintaining comprehensive audit logs, and supervising the remediation of identified issues.
- Ensure audits comprehensively test infrastructure, policies, software, systems, and applications against documented cybersecurity requirements, maintaining up-to-date assessment toolkits.
- Monitor risk analyses and cybersecurity audits, tracking audit findings, recommending cost-effective mitigations, and confirming that cybersecurity controls align with national, international, and organizational standards.
- Coordinate securely with external auditors, ensure thorough documentation of security measures and design processes, and validate compliance through regular and targeted audit practices.
Supply Chain and Third-party Cybersecurity
- Oversee cybersecurity risk protection related to third-party engagements, including outsourcing, mergers, acquisitions, and procurements, ensuring compliance with organizational policies and applicable regulations.
- Ensure effective communication and resolution during third-party cybersecurity incidents, documenting supply chain risks for critical system elements, and supervising third-party management controls.
- Collaborate closely with legal advisers and third parties to meet privacy and data security requirements, conducting cybersecurity training for third-party affiliates, employees, and contractors.