49034BRReq No.:49034BRJob Description and Qualifications: The Jazan IGCC is the world’s largest IGCC and ASU facility producing 2100 MMSCFD syngas, 18,000 MT/Day Oxygen and 4 Gigawatts of power. Facilities and assets include residue gasification, acid gas clean up (Rectisol), soot ash recovery, Sulphur recovery (Claus & Scot), combined cycle power plants, materials handling systems, hydrogen recovery, air separation, water utilities systems and wastewater treatment facilities.

　　JOB SCOPE

　　Manage JIGPC’s Cybersecurity GRC section activities and oversee GRC team’s day to day operations. Support and mentor the GRC team to execute the section’s responsibilities in an efficient manner

　　Manage the GRC application and ensure it’s performance, security, and reliability.

　　Identify Cybersecurity related Threats, Vulnerabilities and Risks and work with the relevant Stakeholders to implement appropriate Cybersecurity controls for their mitigation.

　　Monitor and report on the Compliance of JIGPC’s Cybersecurity policies, procedures, applicable regulations, and standards as well as Audit reports.

　　Maintains understanding of the regulatory landscape and incorporates the requirements of new regulatory mandates in the existing/new policies and procedures as applicable.

　　Governs development and maintains structure of cybersecurity organizational documentation, processes, manages cyber risks, and assures compliance with the organization’s cybersecurity, risk management and related legal requirements.

　　Control the execution and implementation of Cybersecurity GRC related projects ensuring completion to deadlines and within budgets. Undertake planning, costing, project management and coordination with JIGPC internal stakeholders and suppliers/ vendors.

　　Guarantee Quality of Work and deliverables.

　　Internal Contacts: External Contacts:

　　• Cybersecurity Director

　　• Cybersecurity Team

　　• IT / OT Team

　　• Internal Auditor, and

　　• Any other JIGPC Departments if required • Contractors

　　• Suppliers and Vendors

　　• Consultants

　　• External Auditors

　　• External Support Groups

　　• Government Entities

　　PRINCIPAL DUTIES AND RESPONSIBILITIES

　　Accountable for Organization Cybersecurity Governance, Risk and Compliance (GRC) systems and activities.

　　Responsible for overseeing the work assigned to GRC section staff

　　Ensuring JIGPC’s data, information systems and networks are protected by appropriate Cybersecurity controls and providing GRC related support to users as and when required.

　　Conducting Cybersecurity Risk Management of JIGPC’s Information assets and services, and, work with risk owners to mitigate their risks through appropriate Cybersecurity controls.

　　Responsible for managing the third-party cybersecurity risk management program

　　Developing, maintaining, and regularly updating a Cybersecurity Risk Register and contribute toward enterprise related risks requirements.

　　Developing, maintaining, and regularly updating Cybersecurity policies, processes, procedures, and other related documentation and contributing towards their improvements.

　　Performing Compliance Management for JIGPC Cybersecurity Policies, Procedures, applicable Regulations (MoE, NCA and HCIS) as well as Standards and Audit Recommendations.

　　Preparing and providing regular Cybersecurity Reports (Weekly, Monthly, Quarterly, Yearly, Ad Hoc, etc.) for the Cybersecurity Director and Top Management.

　　Developing and Operating a Cybersecurity Awareness Program consisting of Cybersecurity related training and awareness sessions, Phishing awareness and Tests and Cybersecurity Announcements, etc.

　　Interacting with Consultants for GRC projects and ensuring the projects are completed on time and within budget.

　　Ensuring distribution of knowledge within the Cybersecurity team through coaching and training of junior staff, contributing to the technical robustness of the team.

　　Ensuring an organization’s cybersecurity program complies with applicable requirements, policies, and standards.

　　Identifying and managing data privacy risks and compliance requirements

　　Managing the GRC Application, maintain roles, control access, ensure the identified risks are appropriately recorded with RTPs and action owners, coordinate with IT for management of infrastructure of the GRC application.

　　Coordinate with IT Department to automate cybersecurity workflows in JIGPC Helpdesk tool where feasible

　　Contributing to strengthening organization’s Cybersecurity posture.

　　Performing any other duties assigned by the Cybersecurity Director.

　　REQUIREMENTS

　　Minimum Qualifications (degree, training, or certification required)

　　Degree: Bachelor’s Degree in Cybersecurity, Information Security, Computer Science or equivalent.

　　Certifications: GRC and Cybersecurity related certifications (e.g. CISSP, CISA, CRISC, CISM, CEH, GIAC, SSCP, etc.) preferred.

　　Training and other requirements:

　　Robust knowledge of Cybersecurity regulations, standards, and controls.

　　Strong understanding of IT / OT /Cybersecurity Governance, IT/OT technologies, and services.

　　Expertise in preparing and analysing GRC and Cybersecurity reports.

　　Experience in IT / OT Cybersecurity related Audit / Compliance / Regulatory discussions.

　　Minimum Experience (Technical, functional, and/or leadership experience required)

　　Eight to Ten (8 – 10) years of Cybersecurity /Information Security related work experience in the area of IT/OT Cybersecurity GRC or IT/OT Cybersecurity management.

　　Job Specific Skills (Key functional, leadership, or business skills required)

　　Awareness of latest IT/OT /Cybersecurity GRC trends and techniques.

　　Ability to identify Cybersecurity related Risks and their corresponding controls.

　　Ability to work under pressure in a fast-paced environment and meet tight deadlines.

　　Ability to work successfully in both individual and team settings.

　　Strong critical thinking, problem-solving, logic, and forensics skills.

　　Demonstrated capacity to learn, intellectual honesty and independent thinking.

　　Strong leadership skills.

　　Strong verbal and written communication skills in English.

　　Ability to deliver effective presentations to all levels of management.

　　Note: This is a JIGPC Direct hire

　　Job Title:Cybersecurity GRC Manager - JazanEmployment Status:Full TimeLocation:MEET-KSA-Jazan-JIGPC Country:Saudi ArabiaRegion:Middle East, Egypt, Turkey (MEET) Organization:Global Engrg Mfg Technology & Equipment Business Sector / Division:GEMTE MEET