***Clarification on SMP Contract: This is a Supplementary Manpower (SMP) service contract position. Prospective applicants are interviewed, and their salary determined, by a NEOM interview panel, but they are employed on the payroll of the SMP Contract (SMP Vendor). Successfully mobilized candidates will be under the visa sponsorship of the SMP Vendor Company/Contract.
ROLE OVERVIEW
Cybersecurity compliance management: maintaining compliance with national regulatory requirements and international best practices, supporting various assessments, and managing the compliance posture.
Key Accountabilities
- Identify the regulatory requirements and standards applicable to each entity and service.
- Map the relevant standards and controls to one another to unify compliance efforts.
- Conduct cybersecurity compliance assessments at NEOM-wide level against the following NCA regulations and industry standards (not limited to these):
- NCA Essential Cybersecurity Controls (ECC)
- NCA Critical Systems Cybersecurity Controls (CSCC)
- NCA Cloud Cybersecurity Controls (CCC)
- NCA Telework Cybersecurity Controls (TCC)
- NCA Operational Technology Cybersecurity Controls (OTCC)
- NCA Organizations Social Media Accounts Cybersecurity Controls (OSMACC)
- NCA Data Cybersecurity Controls (DCC)
- ISO/IEC 27001:2022
- NDMO Regulations
- NIST CSF 2.0
- Develop a compliance register and ensure its integration with the risk register (where applicable).
- Gather the relevant evidence and responses to RFIs (Requests for Information) as per the detailed list provided by NCA, to demonstrate the effectiveness of compliance.
- Manage the ISMS certification program, including preparation for annual ISO surveillance audits and development of policies and procedures that align with ISMS requirements.
- Conduct cybersecurity compliance reviews against policies and relevant internal audit observations at regular intervals, as required by the applicable regulations and standards.
- Review and audit vendor-related documents and security certifications to ensure compliance with controls.
- Manage identified non-compliance and gaps with the relevant stakeholders on a regular basis.
- Continuously monitor compliance and develop the relevant management dashboards and reports.
- Interact with relevant stakeholders at NEOM-wide level on a regular basis.
- Report compliance-related KPIs and KRIs.
EXPERIENCE & QUALIFICATIONS
- Knowledge of compliance assessments, regulatory compliance, international best practices and cybersecurity obligations.
- Experience with NCA and other national regulatory standards.
- Experience in conducting compliance assessments and managing non-compliance.
- Experience in gathering evidence and detailed requirements to satisfy compliance.
- Knowledge of cybersecurity policies, procedures, standards, MBSS and other requirements relevant to NEOM.
- Knowledge of the ISO/IEC 27000 series, NIST and SOC reports.
- Knowledge of cybersecurity related threats and vulnerabilities.
- Knowledge of data protection controls and best practices
- Knowledge of cloud computing controls and best practices
- Excellent written and oral communication skills.
- Analytical and numerical skills and an eye for detail
Qualifications
- Certifications: ISO 27001, CISA, CISM, CRISC, SANS (or equivalent)
- Expected areas of expertise: Cyber compliance assessments, Cyber compliance monitoring
- Years of experience: Min. 8-9 years