Cybersecurity Governance & Compliance Officer "GRC"

Maintain Cybersecurity Governance: To refresh and align cybersecurity governance with regulatory requirements and best practices.

Ensure Cybersecurity Risk Management: To identify and assess cybersecurity risks to improve security posture and reduce impact.

Uphold Cybersecurity Compliance: To assure cybersecurity compliance requirements are audited and remediated accordingly.

Improve Cybersecurity GRC Operations: To enhance various GRC assessments and activities and be more agile in a fast-paced enterprise.

Cybersecurity Compliance Tasks
  • Perform assessments based on NCA regulations (such as ECC and OSMACC) and the client's standards.
  • Track findings, communicate with internal stakeholders, and validate evidence.
  • Support internal audit activities.
  • Support external audit activities (ISO27001).
  • Prepare weekly and monthly status reports on compliance status.
Cybersecurity Risk Management Tasks
  • Perform risk assessments for new solutions and third parties, as well as major technology changes.
  • Maintain the risk register, follow up on mitigation plans with stakeholders, and validate evidence.
  • Represent cybersecurity in IT demand management and IT change management.
  • Participate in and develop root cause analysis corrective actions resulting from cybersecurity incidents.
  • Prepare weekly and monthly status reports.
Cybersecurity Governance Tasks
  • Review and update cybersecurity documentation such as standards and policies, as well as other documents that are part of the cybersecurity governance framework.
  • Develop new standards, processes, and procedures.
  • Monitor cyber practices and operational KPIs.
  • Create a governance review plan.
Requirements

5 years of experience in a GRC role

The candidate should be aware of the following frameworks:
  • NCA - ECC: National Cybersecurity Authority - Essential Cybersecurity Controls - ECC-1:2018
  • NCA - CCC: National Cybersecurity Authority - Cloud Cybersecurity Controls - CCC-1:2020
  • NCA - TCC: TCC-1:2021
  • NCA - OSMACC: National Cybersecurity Authority - Organization's Social Media Accounts Cybersecurity Controls - OSMACC-1:2021
  • NCA - DCC: National Cybersecurity Authority - Data Cybersecurity Controls - DCC-1:2022
  • NDMO: National Data Management Office Regulations and Standards
  • ISO27001:2022: ISO (International Organization for Standardization) 27001, the ISO/IEC 27001:2022 standard for Information Security Management Systems (ISMS)
