Specialist, Cybersecurity Grc Iii

**1. JOB DETAILS**:
**Position Title**:Specialist: Cyber Security GRC**

**Broad Band**:M09: Professional**

**Department & Function**:Ma’aden Cyber Security**

**Talent Pipeline Layer**:Manage Self: Expert/Consultant (MS)**

**2. OVERALL JOB PURPOSE**:
**The Specialist: Cyber Security GRC works across the entire Cyber Security division across Ma’aden Corporate and Affiliates in Saudi Arabia, India, Malawi, Zimbabwe, Mozambique, South Africa and Mauritius. This position is responsible for conducting technology risk assessments, control self assessments, and vendor risk assessments are carried out on a regular basis. This position is also responsible for Cyber security awareness, security performance monitoring, and status reporting as well as developing and setting up required policies and SOPs. Performs compliance and aduit activities.**

**3. QUALIFICATIONS, EXPERIENCE & SKILLS**:
**Qualification**:
**1. Bachelor degree in Computer Science or Management Information Systems with an advanced degree desirable**

**Experience**:
**1. At least 2-4 Years' relevant experience**

**Skills**:
**1. Good understanding of Cyber Security standards (ISO27001, 22301, 9001, NIST)**
**2. Good understanding of IT / OT technologies.**
**3. Information Security Certification (CISM / CISSP / ISO27001 / ISMS Lead Auditor / ISA/IEC 62443)**

**4. KEY ACCOUNTABILITIES**:
**Focus Area**

**Get results through individual expert contributions, influence & efforts**

**Operational / Functional**

**1. Risk Management**:

- **Develop a deep understanding of IT/OT Cyber Security risks and drive the response process in order to minimize the impact of these risks**:

- **Understand and explain risks and exposure to IT/OT environments.**:

- **Identify the critical assets for overall Ma'aden in the seven countries and maitain & mitigate the risk associated.**:

- **Conduct risk and threat research, keeping current with the evolving Cyber threat landscape.**:

- **Understand and incorporates Cyber risk assessments reports into Cyber risk registers for IT and OT.**:

- **Actively participate in IT/OT Cyber Security risk assessments across Ma’aden**:

- **Govern Cybersecurity risks across Ma’aden**:

- **Conduct third party and vendor risk assessment / audit programs**:

- **Support the Manager: Cyber Security GRC by contributing to the development of a comprehensive Risk Management Framework that sets the tone for assessments and threat management across Ma’aden**:

- **Support the Manager: Cyber Security GRC by contributing to the establishment of a Data Security Governance Framework, Data Risk Governance, Data privacy compliance Framework, Data privacy assessment, Cloud data privacy management**:

- **Support the Manager: Cyber Security GRC by contributing to the establishment of a Risk Intelligence center (RIC) covering Common control framework, cloud risk**

**2. Strategy, Governance & Compliance**:

- **Facilitate the execution of the Ma’aden Cyber Security Strategy across the organization**:

- **Execute governance, risk and compliance (GRC) initiatives and activities across Ma’aden**:

- **Provide input on Cyber Security policies, standards, procedures and the Unified Control Frameworks (UCF)**:

- **Ensure continous and peridical review of all governance related in terms of policies, processes, frameworks and controls.**:

- **Communicate GRC objectives to ensure appropriate compliance and risk aware culture**:

- **Provides IT/OT Cyber Security consultation to stakeholders across Ma'aden in Saudi Arabia, India, Malawi, Zimbabwe, Mozambique, South Africa and Mauritius**

**1. Consistently deliver solutions which contribute to business results and improved competitiveness (consulting advice, business options)**
**2. Deliver quality solutions/ service cost effectively on time and within risk parameters**
**3. Provide advice that are generally accepted and implemented on programmes and systems, creating a competitive advantage for organization, leading to quality results**
**5. Deliver Cost effective results**
**6. Risk results**
**7. HSE targets**
**8. Conduct Research & Development that leads to new solutions being implemented in the organization**

**Leadership**

**1. Capability building**:

- **Builds awareness of IT/OT Cyber Security governance areas through Training & awareness**:

- **Subject Matter Expert in IT/OT Cyber Security Coaching, Problem solving, and Risk Management tools and techniques**

**2. Quality Assurance**:

- **Develop a Cyber Security awareness, training program and related strategy for users across Ma’aden**:

- **Provide Quality Assurance & Compliance advice and services to improve service delivery performance and enhance customer satisfaction**:

- **Conduct internal audits to check compliance of IT/OT Cyber Security standards, and propose plans to close gaps as part of the Internal & External Audit “Non-Conformance (NC)” and Observations closure process**:

- **Coordinate with IA to