The Director of Cybersecurity Governance, Risk, and Compliance (GRC) is responsible for establishing, implementing, and maintaining ACWA Power's group-wide cybersecurity governance, risk, and compliance framework. The role ensures consistency, regulatory alignment, and effective risk mitigation across all entities of ACWA Power. It also oversees the implementation of corporate cybersecurity and OT governance frameworks across project companies, ensuring alignment with stakeholder rights, ownership levels, and NCA regulatory requirements.
Key Accountabilities:
- Oversee the development and maintenance of ACWA Power's Cybersecurity GRC framework, policies, and processes.
- Ensure consistent implementation of cybersecurity governance and risk management practices across corporate and project entities.
- Oversee compliance with regulatory frameworks such as NCA ECC, ISO 27001, NIST, and other relevant standards.
- Lead the group-wide cybersecurity risk management program, ensuring effective identification, assessment, mitigation, and reporting of risks.
- Drive alignment between IT, OT, and Digital governance to maintain unified cybersecurity oversight.
- Oversee the monitoring and evaluation of project company cybersecurity and OT governance to ensure compliance with group policies and stakeholder expectations.
- Report cybersecurity posture, key risks, and compliance status to the CISO and executive leadership.
- Provide strategic direction for cybersecurity awareness, training, and governance maturity improvement initiatives.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Master's degree is preferred.
- CISSP, CISM, CRISC, or ISO 27001 Lead Implementer.
Experience:
- Minimum of 15 years of experience in cybersecurity, with at least 5 years in a governance, risk, and compliance leadership role.
- Experience in developing and implementing cybersecurity GRC frameworks across large, multi-entity organizations.
- Strong knowledge of regulatory frameworks, particularly NCA ECC, ISO 27001, NIST, and related cybersecurity standards.
- Familiarity with governance practices in energy, utilities, or critical infrastructure sectors.
Skills:
- Expertise in cybersecurity governance, risk management, and compliance methodologies.
- Strong understanding of IT and OT security governance models.
- Proficiency in risk assessment, control evaluation, and audit management.
- Excellent analytical, communication, and stakeholder management skills.
- Ability to interpret regulatory requirements and translate them into actionable policies and processes.
- Governance and Compliance Management, Analytical Thinking, Communication, Collaboration, and Results Orientation.