Contract Type: Full-time
Workplace type: On-site
Location: Dammam

Job Description

About the Role

Saudi Global Ports is seeking an Assistant Manager for Cyber Security Governance, Risk & Compliance (GRC) to join its team in Dammam, Eastern Province, Saudi Arabia. This full-time position is integral to supporting the operationalization of the company's cybersecurity GRC programs, ensuring robust risk management, and maintaining organizational compliance. The role operates under the guidance of the GRC Manager, contributing to the overall cybersecurity posture.

The Assistant Manager - Cybersecurity GRC will be instrumental in executing cybersecurity governance, risk, and compliance activities. This includes operationalizing GRC programs, conducting comprehensive risk and compliance assessments, coordinating audits, and diligently tracking the implementation and effectiveness of controls.

Key Responsibilities

  • Support the implementation and ongoing maintenance of Cybersecurity GRC programs, policies, standards, and procedures.
  • Conduct and coordinate comprehensive cybersecurity risk assessments, control assessments, and compliance reviews.
  • Establish and oversee the Cybersecurity Risk Management Program, encompassing risk identification, assessment, treatment, acceptance, and reporting.
  • Monitor adherence to internal policies, relevant regulatory frameworks, and contractual cybersecurity requirements.
  • Support internal and external cybersecurity audits by facilitating evidence collection, coordinating activities, and tracking the closure of identified findings.
  • Perform third-party cyber risk assessments and actively follow up on remediation actions.
  • Track and report on Corrective and Preventive Actions (CAPA), ensuring their timely closure within agreed timelines.
  • Collaborate effectively with IT, OT, and business units to support risk mitigation efforts and the implementation of compliance measures.
  • Prepare periodic reports, dashboards, and key metrics to communicate the cybersecurity risk and compliance status.
  • Contribute to maintaining and enhancing cybersecurity awareness initiatives and training activities across the organization.
  • Assist in documenting cybersecurity incidents, findings, and lessons learned to drive continuous improvement processes.
  • Work closely with Cybersecurity Operations, Technology, and IT teams to support risk mitigation activities, control implementation, and validation of cybersecurity controls.
  • Undertake cybersecurity-related tasks and assignments as required to support departmental objectives and meet regulatory expectations.
  • Contribute input to operational, architectural, or defensive activities for cross-functional cybersecurity initiatives when needed.

Qualifications and Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a closely related field.
  • 4 to 6 years of progressive experience in cybersecurity risk, governance, or compliance functions.
  • Working knowledge of established cybersecurity frameworks such as NCA ECC, ISO 27001, and NIST.
  • Demonstrated experience in supporting audits, conducting risk assessments, and tracking compliance activities.
  • Familiarity with Governance, Risk, and Compliance (GRC) tools and various risk management methodologies.
  • Certifications such as CRISC, CISA, or ISO 27001 Lead Implementer/Auditor (LI/LA) are considered a strong advantage.

Required Skills

  • Strong analytical and documentation skills.
  • Meticulous attention to detail and a focus on control effectiveness.
  • Excellent collaboration and coordination abilities.
  • Clear and effective written and verbal communication skills.
  • A proactive continuous improvement mindset.
  • Proficiency in Cybersecurity Governance, Risk Management, and Compliance principles.
  • Experience with GRC programs, risk assessments, control assessments, and compliance reviews.
  • Knowledge of cybersecurity frameworks including NCA ECC, ISO 27001, and NIST.
  • Experience in managing audits and third-party cyber risk assessments.
  • Understanding of Corrective and Preventive Actions (CAPA).
  • Familiarity with IT and OT environments.
  • Experience with GRC tools and risk management methodologies.

Work Environment and Details

This is a full-time position based in Dammam, Eastern Province, Saudi Arabia. The role involves working closely with various internal teams to ensure comprehensive cybersecurity risk management and compliance across the organization.


Requirements

  • Requires 5-10 years of experience
