Cybersecurity Governance & Compliance Officer "GRC"
- الرياض
- دائم
- دوام كامل
- Perform assessments based on NCA regulations (such as ECC and OSMACC) and the client standards.
- Track findings, communicate with internal stakeholders, and validate evidences.
- Support in internal audit activities.
- Support in external audit activities (ISO27001).
- Prepare weekly and monthly status report for compliance status.
- Perform risk assessments for new solutions and third parties, as well as major technology changes.
- Maintain risk register, follow up on mitigation plane with stakeholders and validate evidences.
- Represent cybersecurity in IT demand management and IT change management.
- Participate and develop Root Cause Analysis corrective actions resulting from Cybersecurity incidents.
- Prepare weekly and monthly status report.
- Review and update cybersecurity documentation such as standards and policies, as well as other documents part of cybersecurity governance framework.
- Develop new standards, processes, and procedures.
- Monitor cyber practices and operational KPIs.
- Create a governance review plan.
- NCA – ECC National Cybersecurity Authority - Essential Cybersecurity Controls – ECC–1:2018
- NCA – CCC National Cybersecurity Authority - Cloud Cybersecurity Controls –CCC–1:2020
- NCA – TCC TCC–1:2021
- NCA – OSMACC National Cybersecurity Authority – Organization’s Social Media Accounts Cybersecurity Controls –OSMACC–1:2021
- NCA – DCC National Cybersecurity Authority - Data Cybersecurity Controls – DCC–1:2022
- NDMO National Data Management Office Regulations and Standards
- ISO27001: 2022 ISO (International Organization for Standardization) 27001 SO/IEC 27001:2022 standard for Information Security Management Systems (ISMS)