Manager - Cybersecurity GRC - Saudi National at Al Jomaih Energy and Water
Dammam, Eastern Province, Saudi Arabia
Full Time


Start Date

Immediate

Expiry Date

20 Mar, 26

Salary

0.0

Posted On

20 Dec, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cybersecurity, Governance, Risk Management, Compliance, Policy Writing, Audit, Risk Facilitation, NCA Frameworks, ISO 27001, Arabic, English, Third-Party Risk, Cloud Computing, Training, Reporting, KPI Tracking

Industry

Utilities

Description
Overview

The cybersecurity GRC manager helps run the governance, risk, and compliance program across AEW and AEW-served companies. The role is expected to drive the policy lifecycle, assessments, audits, exceptions, third-party risk, and regulatory alignment, and to coordinate remediation with AEW Digital Services/IT and counterparts at serviced entities.

Key Responsibilities

Governance & Policy
Maintain AEW’s cybersecurity policy/standard/procedure library; run the annual review cycle; map to ECC-2:2024 and other applicable NCA controls (OTCC/CSCC/OSMACC) and relevant international baselines (e.g., ISO 27001).
Publish and track mandatory control exceptions with end dates and risk acceptance.

Compliance & Assurance
Plan and run internal assessments for AEW and serviced entities; prepare for external inspections; maintain the evidence library.
Use the NCA ECC-2 Assessment & Compliance Tool when applicable; produce gap analyses and remediation plans.

Risk Management
Maintain the cyber risk register; facilitate business-owned risk decisions; integrate with enterprise risk.
Run control design/effectiveness reviews ahead of audits.

Third-Party & Cloud
Ensure enforcement of third-party cybersecurity controls in line with the ECC-2:2024 “third-party and cloud computing” domain.
Coordinate with Procurement and Legal.

Awareness & Training
Define a compliance-focused awareness training plan and track completion.

Reporting & Governance
Provide monthly KPI packs to the Head of Digital Services and the Cybersecurity Steering Committee.

Qualifications & Skill Sets

Bachelor’s degree.
3–7 years in cybersecurity GRC or audit.
Proven work with NCA frameworks (ECC-2:2024; plus OTCC/CSCC/OSMACC as applicable to entity scope).
Strong policy writing, audit, and risk facilitation skills; Arabic and English business proficiency.
Preferred: ISO/IEC 27001 LA/LI, CISM, CRISC (or equivalent).

Travel

Regular travel within Saudi Arabia and other relevant countries as required by the business.
Responsibilities
The cybersecurity GRC manager oversees the governance, risk, and compliance program, driving policy lifecycle, assessments, audits, and regulatory alignment. The role also coordinates remediation efforts with AEW Digital Services/IT and serviced entities.