Manager - Cybersecurity GRC
Al Jomaih Energy and Water
Posted on 22 Dec 25
Nationality: Saudi Arabian
Gender: Not Mentioned
Vacancy: 1 Vacancy
Job Description
Roles & Responsibilities
Overview
The cybersecurity GRC manager helps run the governance, risk, and compliance program across AEW and AEW-served companies. The role is expected to drive the policy lifecycle, assessments, audits, exceptions, third-party risk, and regulatory alignment. The role is also expected to coordinate remediation with AEW Digital Services/IT and counterparts at serviced entities.
Key Responsibilities
Governance & Policy
- Maintain AEW's cybersecurity policy/standard/procedure library; run annual review cycle; map to ECC-2:2024 and other applicable NCA controls (OTCC/CSCC/OSMACC) and relevant international baselines (e.g., ISO 27001).
- Publish and track mandatory control exceptions with end dates and risk acceptance.
Compliance & Assurance
- Plan and run internal assessments for AEW and serviced entities; prepare for external inspections; maintain evidence library.
- Use the NCA ECC-2 Assessment & Compliance Tool when applicable; produce gap analyses and remediation plans.
Risk Management
- Maintain the cyber risk register; facilitate business-owned risk decisions; integrate with enterprise risk.
- Run control design/effectiveness reviews ahead of audits.
Third-Party & Cloud
- Ensure enforcement of third-party cybersecurity controls in line with the ECC-2:2024 third-party and cloud computing domain.
- Coordinate with Procurement and Legal.
Awareness & Training
- Define a compliance-focused awareness training plan and track completion.
Reporting & Governance
- Provide monthly KPI packs to the Head of Digital Services and Cybersecurity Steering Committee.
Qualifications & Skill Sets
- Bachelor's degree. 3-7 years in cybersecurity GRC or audit.
- Proven work with NCA frameworks (ECC-2:2024; plus OTCC/CSCC/OSMACC as applicable to entity scope).
- Strong policy writing, audit, and risk facilitation skills; Arabic and English business proficiency.
- Preferred: ISO/IEC 27001 LA/LI, CISM, CRISC (or equivalent).
Travel
Regular travel within Saudi Arabia and other relevant countries as required by the business.
Company Industry
- Power Generation
- Power Distribution
- Energy
- Nuclear Energy
Department / Functional Area
- System Administration
- Network Administration
- Security (IT Software)
Al Jomaih Energy and Water
https://apply.workable.com/al-jomaih-energy-and-water/j/DC0443F2F9/