Maintain Cybersecurity Governance: To refresh and align cybersecurity governance with regulatory requirements and best practices.
Ensure Cybersecurity Risk Management: To identify and assess cybersecurity risks to improve security posture and reduce impact.
Uphold Cybersecurity Compliance: To assure cybersecurity compliance requirements are audited and remediated accordingly.
Improve Cybersecurity GRC Operations: To enhance the various GRC assessments and activities and become more agile in a fast-paced enterprise.
Cybersecurity Compliance Tasks
- Perform assessments based on NCA regulations (such as ECC and OSMACC) and the client standards.
- Track findings, communicate with internal stakeholders, and validate evidence.
- Support in internal audit activities.
- Support in external audit activities (ISO27001).
- Prepare weekly and monthly status reports on compliance status.
Cybersecurity Risk Management Tasks
- Perform risk assessments for new solutions and third parties, as well as major technology changes.
- Maintain the risk register, follow up on mitigation plans with stakeholders, and validate evidence.
- Represent cybersecurity in IT demand management and IT change management.
- Participate in Root Cause Analysis of cybersecurity incidents and develop the resulting corrective actions.
- Prepare weekly and monthly status reports.
Cybersecurity Governance Tasks
- Review and update cybersecurity documentation such as standards and policies, as well as the other documents that form part of the cybersecurity governance framework.
- Develop new standards, processes, and procedures.
- Monitor cyber practices and operational KPIs.
- Create a governance review plan.
Requirements
5 years of experience in a GRC role.
The candidate should be aware of the following frameworks:
- NCA ECC–1:2018 – National Cybersecurity Authority, Essential Cybersecurity Controls
- NCA CCC–1:2020 – National Cybersecurity Authority, Cloud Cybersecurity Controls
- NCA TCC–1:2021 – National Cybersecurity Authority, Telework Cybersecurity Controls
- NCA OSMACC–1:2021 – National Cybersecurity Authority, Organization’s Social Media Accounts Cybersecurity Controls
- NCA DCC–1:2022 – National Cybersecurity Authority, Data Cybersecurity Controls
- NDMO – National Data Management Office Regulations and Standards
- ISO/IEC 27001:2022 – International Organization for Standardization / International Electrotechnical Commission standard for Information Security Management Systems (ISMS)