Enable job alerts via email!
Manager -Cybersecurity GRC-Saudi National
Aljomaih Energy and Water Company
Dammam
On-site
SAR 200,000 - 300,000
Full time
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A leading energy and water company in Saudi Arabia is looking for a Cybersecurity GRC Manager to oversee the governance, risk, and compliance program. The role involves maintaining cybersecurity policies, conducting assessments, and ensuring compliance in both Arabic and English. Successful candidates will possess a Bachelor's degree and have 3-7 years of related experience, particularly with NCA frameworks. Regular travel within Saudi Arabia and other countries may be required as part of the role.
Qualifications
- 3‑7 years in cybersecurity GRC or audit experience.
- Proven experience with NCA frameworks (ECC-2:2024).
- Strong skills in policy writing and risk facilitation.
Responsibilities
- Maintain cybersecurity policy/standard/procedure library.
- Run internal assessments for AEW and serviced entities.
- Ensure enforcement of third-party cybersecurity controls.
Skills
Education
The cybersecurity GRC manager helps run the governance, risk, and compliance program across AEW and AEW-served companies. The role is expected to drive policy lifecycle, assessments, audits, exceptions, third‑party risk, and regulatory alignment. Role is expected to coordinate remediation with AEW Digital Services/IT and counterparts at serviced entities.
- Maintain AEW's cybersecurity policy/standard/procedure library; run annual review cycle; map to ECC-2:2024 and other applicable NCA controls (OTCC/CSCC/OSMACC) and relevant international baselines (e.g., ISO 27001)
- Publish and track mandatory control exceptions with end dates and risk acceptance
- Plan and run internal assessments for AEW and serviced entities; prepare for external inspections; maintain evidence library
- Use the NCA ECC-2 Assessment & Compliance Tool when applicable; produce gap analyses and remediation plans
- Maintain the cyber risk register; facilitate business‑owned risk decisions; integrate with enterprise risk
- Run control design/effectiveness reviews ahead of audits
- Ensure enforcement of third‑party cybersecurity controls in line with ECC-2:2024 "third‑party and cloud computing" domain
- Coordinate with Procurement and Legal
- Define compliance‑focused awareness training plan and track completion
- Provide monthly KPI packs to the Head of Digital Services and Cybersecurity Steering Committee
- Bachelor's degree. 3‑7 years in cybersecurity GRC or audit
- Proven work with NCA frameworks (ECC-2:2024; plus OTCC/CSCC/OSMACC as applicable to entity scope)
- Strong policy writing, audit, and risk facilitation skills; Arabic and English business proficiency
- Preferred: ISO/IEC 27001 LA/LI, CISM, CRISC (or equivalent)
Regular travel within Saudi Arabia and other relevant countries as required by the business.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
