- Enhance or develop cybersecurity GRC framework, policies, and procedures.
- Implement, maintain, and support cybersecurity GRC policies and procedures.
- Work with cross-functional teams to assess security vulnerabilities and process deficiencies and to develop effective mitigation strategies; track and provide remediation guidance for new projects, services, and/or third-party contracts with respect to information security assurance.
- Develop and maintain regular cybersecurity awareness training to ensure all staff members are knowledgeable about the organization's cybersecurity policies, procedures, and standards.
- Improve security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts.
- Develop and work on a risk strategy that identifies and classifies risks, defines appropriate tolerances, and prioritizes mitigation activities in line with compliance requirements.
- Consolidate data analysis of important GRC risk information, including the cyber risk register, policy exceptions, audit findings, and data security reviews.
- Lead and manage comprehensive risk assessments and risk action plans.
- Lead and manage NCA and other regulatory compliance requirements.
- Develop and mentor the GRC team members.
- Develop and manage project proposals, resources, and plans.
- Perform any other related duties as required or assigned.
- Bachelor of Science (BS) or bachelor's degree in Computer Science, Management Information Technology (MIS), Engineering, Physical Sciences, or equivalent.
- IT industry-accredited and related certificates, e.g., ITIL, CCSP, CEH, CISA, CISM.
- Proficient with information security and GRC systems, applications, and tools.
- Proficient with frameworks and standards associated with information security/GRC, such as ISO 27001, NIST, ISO 38500, and COBIT 5.
- Familiar with frameworks and standards associated with IT, such as ITIL, ISO 20000, etc.
- At least 9-15 years in information security and GRC.
- Thoroughly proficient in both verbal and written English.
- Frequent contact with Senior Analysts for direction and guidance, and with customers for review and evaluation of application requirements.
- Frequent contact with vendors for product information, and Information Technology (IT) project status.
- Resume/CV
- Professional Certificates
IMI1955 - Division Head GRC - Ras Al-Khaimah, United Arab Emirates - International Maritime Industries
Description
JOB PURPOSE / OBJECTIVE
Develop and implement business applications, systems, and procedures within recognized fields of Information Technology (IT) endeavors as detailed.
Key Accountabilities
Education
Internal Interactions