***Clarification on SMP Contract: This is a Supplementary Manpower (SMP) service contract position. Prospective applicants are interviewed, and their salary is determined, by the NEOM interview panel; the successful candidate is employed under the payroll of the SMP Contract (SMP Vendor). Successfully mobilized candidates would be under the visa sponsorship of the SMP Vendor Company/Contract.
ROLE OVERVIEW
The primary objective of the Cyber Risk Manager is to establish and maintain cybersecurity policies, procedures, and governance frameworks within the NEOM eco-system. This includes overseeing the implementation of cybersecurity methodologies, monitoring cybersecurity Key Performance Indicators (KPIs), and managing cybersecurity committees, working groups, and executive reporting.
REQUIREMENTS SUMMARY
The Cyber Risk Associate (SMP) responsibilities will include, but not be limited to:
- Ensure compliance of cybersecurity policies and procedures with industry standards, laws, regulations, and NEOM's requirements.
- Supervise the development of a governance framework and operating model that aligns with best practices, laws, and regulations.
- Monitor the implementation of cybersecurity methodology and the roles and responsibilities for timely detection and mitigation of cyber threats.
- Define and update cybersecurity policies, procedures, and governance framework based on organizational requirements, best practices, and regulatory changes.
- Maintain and update the Unified Cybersecurity Framework, Risk and Control Matrix, Maturity definitions, and implementation trackers.
- Establish a consistent and repeatable cybersecurity governance methodology across NEOM.
- Support the development of cybersecurity policies and procedures by staying informed about the latest regulations and best practices.
- Participate in the development of cybersecurity governance methodology and propose improvements based on best practices.
- Analyze existing cybersecurity tools, identify strengths and weaknesses, and provide recommendations for enhancements.
- Define, manage, and monitor cybersecurity Key Performance Indicators (KPIs) across NEOM.
- Establish and maintain effective communication channels with stakeholders involved in cybersecurity governance.
- Review existing and proposed policies in collaboration with relevant stakeholders.
- Provide advisory support on cybersecurity governance, best practices, and regulatory requirements.
- Interpret and apply applicable laws, statutes, and regulatory documents to ensure integration into cybersecurity governance.
- Conduct regular audits of cyber programs and projects and provide input for improvement.
- Monitor team activities and review reports to identify areas for improvement in cybersecurity governance practices at NEOM.
- Develop and deliver regular reports to stakeholders in a timely manner.
- Provide clear direction, prioritize tasks, delegate responsibilities, and monitor workflows to ensure effective cybersecurity governance.
- Conduct regular cybersecurity governance reviews, incorporating stakeholder feedback and seeking continuous improvement opportunities.
- Foster collaboration with relevant governance teams to enhance controls and overall performance.
- Demonstrate leadership and engage with the business to support security assessments and ensure timely project execution while mitigating security risks.
- Identify and recommend measures to manage and mitigate risks, reducing potential impacts on information resources to an acceptable level.
- Collaborate closely with internal groups such as Human Resources, Corporate Governance, IT Governance, Internal Audit, Privacy, Legal, and Compliance to address policy and risk management matters.
- Enhance key performance indicators (KPIs), key risk indicators (KRIs), metrics, risk register, and trending.
- Continuously improve the cybersecurity function in alignment with NEOM's strategic objectives and growth.
EXPERIENCE & QUALIFICATIONS
Knowledge, Skills and Experience
- A bachelor's degree in Computer Engineering, Computer Science, or a related field is a prerequisite for this role.
- Demonstrated experience with industry regulations and frameworks such as ISO 27001, ISO 31000, IRM, SAMA, Personal Data Protection Laws, NCA, CST, NDMO, NIST, CIS, etc.
- Proficiency in GRC (Governance, Risk, and Compliance) tools such as ServiceNow, Archer, etc.
- Prior experience working in a highly regulated environment.
- Understanding of complex governance structures, including subsidiaries and Critical National Infrastructure.
- Expertise in developing cybersecurity controls, programs, and frameworks.
- Strong background in security controls, auditing, network, and system security.
- Ability to articulate complex technical concepts in business terms.
- Highly organized and detail-oriented, capable of meeting deadlines in a dynamic environment and handling multiple projects simultaneously.
- Evaluate the effectiveness of the internal security control framework and propose adjustments based on changing business needs.
- Regularly engage with management at all levels to present and discuss the effectiveness of controls.
Qualifications
- 7+ years of experience in cyber risk management.
- Cybersecurity certifications (ISO 27001, CISA, CISM, CRISC, SANS, PMP, or equivalent).