Manager, Governance, Risk & Compliance (GRC)

This GRC role in fulfillment of internal and regulatory requirement to ensure compliance with sector-wide and enterprise-wide cybersecurity policies, standards and procedures.

Main Responsibilities:

• Oversee the development, testing, and maintenance of cybersecurity measures to safeguard both IT and OT Critical Information Infrastructure (CII) and Non CII assets
• Formulate cybersecurity policies and procedures for IT and OT systems, ensuring compliance with regulatory requirements, including the Cybersecurity Code of Practice (CCoP 2.0)
• Conduct security audits, vulnerability assessments and risk assessment and checks to ensure security controls are in place and are functioning properly and working with regulatory bodies to ensure organisation meets cybersecurity standards
• Conduct CII penetration test, red/ purple teaming exercise on a regular basis ensuring organisation Business Continuity Plan (BCP) and Disaster Restoration Plan (DRP) are well documented and communicated
• Identify emerging threats and vulnerabilities, and recommend appropriate controls and solutions for implementation to enhance cybersecurity posture
• Liaising with cybersecurity vendors in conducting relevant assessments to fulfil regulatory requirements
• Plan and implement budgeted cybersecurity projects based on business requirements
• Develop and implement sector-wide cybersecurity oversight programme to ensure compliance with cybersecurity policies
• Review waiver and non-compliance of cybersecurity policy and procedures and carry out users engagements to ensure compliance
• Work closely with internal and external stakeholders on regularly review and enhance cybersecurity incident response plans and playbooks to achieve cybersecurity readiness
• Conduct cybersecurity exercises
• Educate users on cybersecurity security, providing training to employees and contractors on cybersecurity policy, standards and procedures

Requirements:

• Degree in Computer Engineering or equivalent. Trained in Cybersecurity, Information Security, Forensics or equivalent
• 5 years of direct and relevant full-time cybersecurity work experience in policy formulation, incident response, and management, regulatory oversight and compliance
• CISSP/CISM/CISA/CEH/ CRISC or equivalent certification
• Strong domain knowledge of information security governance and risk management, controls, vulnerability assessment/penetration testing, compliance, business continuity, investigations, system architecture and design, legal, and industry IT/OT and cyber security bestpractices
• Knowledge on CSA Code of Practice (CCoP), ISO27001 and IEC62443, NIST Cybersecurity Framework.
• Experience in Threat detection, Penetration testing and red/purple teaming