GRC Manager (Governance, Risk, and Compliance)

Summary:

The GRC Manager will be responsible for developing, implementing, and maintaining the organization’s security and governance, risk management, and compliance programs. This role requires a deep technical understanding of IT security measures and risk management practices to ensure the security and integrity of the company's MIS and Engineering systems and data, align MIS and engineering operations with regulatory requirements, and mitigate IT risks.

Key Roles and Responsibilities:

1. Technical IT Security Management:

• Develop and implement advanced IT security strategies and solutions.
• Manage and monitor security systems, including firewalls, intrusion detection systems, and endpoint protection.
• Conduct detailed security assessments, vulnerability scans, and penetration tests.
• Respond to and resolve complex security incidents, including conducting forensic investigations and root cause analysis.
• Ensure the implementation of security controls and best practices across IT systems and networks.

2. Governance:

• Develop and maintain MIS and Engineering governance policies, procedures, and standards in alignment with industry best practices and regulatory requirements.
• Develop and maintain MIS and Engineering governance frameworks, technical policies, and procedures.
• Implement governance frameworks such as COBIT, ISO 27001, ISO 27017, ISO 27018, NIST, Saudi Arabia CITC, SOC 2, PCI etc., to ensure effective IT governance across the organization.
• Coordinate with key stakeholders to establish MIS governance committees and facilitate regular meetings to review MIS and Engineering policies and procedures.
• Facilitate MIS governance structures and technical committees.

3. Risk Management:

• Identify, assess, and prioritize technical MIS and Engineering risks.
• Develop and implement risk management strategies and technical mitigation plans.
• Conduct regular technical risk assessments and identify potential threats and vulnerabilities within the MIS and Engineering infrastructure.
• Develop risk mitigation strategies and action plans to address identified risks.
• Monitor and track risk mitigation activities to ensure timely resolution and compliance with established policies and procedures.
• Monitor and report on the status of technical MIS and engineering risks and control effectiveness.

4. Compliance:

• Stay current on and complaint with relevant laws, regulations, and industry standards related to IT security and compliance in align with SAUDI Arabia CITC and SAMA, Egypt NTRA and Central bank, Europe .
• Manage technical compliance programs and initiatives.
• Conduct compliance assessments to evaluate adherence to regulatory requirements and internal policies.
• Prepare compliance reports and documentation for regulatory audits and review

5.  Policy and Procedure Development:

• Develop, implement, and maintain technical MIS and Engineering security policies and procedures.
• Ensure technical policies and procedures are communicated and enforced across the organization.

6.  Incident Management:

• Oversee the technical MIS and engineering incident management process.
• Ensure timely identification, reporting, and resolution of technical MIS and Engineering  security incidents.
• Conduct root cause analysis and implement corrective technical actions.

7. Security Awareness:

• Develop and deliver technical MIS security, governance, risk, and compliance training programs.
• Collaborate with the MIS security team to develop and deliver training programs on MIS governance, risk management, and compliance.
• Promote a culture of security awareness and compliance throughout the organization.

8.  Stakeholder Engagement:

• Collaborate with internal and external stakeholders, including auditors, regulators, and technical teams.
• Provide technical guidance and support to management and staff on MIS security and GRC-related matters.

9.  Reporting:

• Prepare and present regular technical reports on MIS security, governance, risk, and compliance to senior management and the board of directors.
• Maintain accurate technical records and documentation.

Requirements

• Bachelor’s degree in information technology with a major of Cybersecurity (master’s degree preferred)
• Professional certifications such as CISSP, CISM, CRISC, CISA, or similar.
• Minimum of 10 years of experience in technical IT security, governance, risk management, and compliance roles.
• Strong technical knowledge of IT governance frameworks, regulatory requirements, and best practices.
• Strong analytical and problem-solving skills with attention to detail.
• Ability to manage multiple technical projects and priorities in a fast-paced environment.
• Experience with technical security and GRC tools and software.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Proficiency in risk assessment methodologies and tools.
• Experience with IT audit processes and procedures.
• Knowledge of relevant laws and regulations such as GDPR, HIPAA, SOX, etc.