Cybersecurity GRC Specialist

NEOM Green Hydrogen Company Limited (NGHC)

NEOM Green Hydrogen Company (NGHC) is on a mission to make a carbon-free, climate-safe future a reality. We are building the world's largest plant to produce green ammonia at scale, providing humankind with a cost-efficient solution that will accelerate the worldwide green hydrogen economy. Located in NEOM and supporting Saudi Arabia's Vision 2030, NGHC will be integrating up to 4GW of onshore solar and wind energy to supply up to 650 tons of green ammonia per day for transportation globally. Operations will go onstream in 2026. NGHC brings together the technology, operational efficiency and know-how of ACWA Power, Air Products and NEOM in a joint-venture partnership with over 80 years of combined experience in the fields of hydrogen, energy, renewables and global networks.

JOB DETAILS

Division: Cybersecurity GRC

Reports To: Cybersecurity GRC Manager

Liaise/Cooperate With: IT/OT/Engineering/Operation, etc

POSITION SUMMARY

The Cybersecurity GRC Specialist plays a key role in supporting the implementation of cybersecurity governance, risk, and compliance activities. This includes ensuring alignment with regulatory frameworks, conducting risk assessments, and assisting in policy development and compliance audits.

NATURE & SCOPE

The Cybersecurity GRC Specialist supports the implementation and operation of the organization's cybersecurity governance, risk, and compliance activities. The role focuses on executing risk assessments, maintaining compliance documentation, supporting policy lifecycle management, facilitating audits, and contributing to regulatory readiness. The scope spans collaboration with business units, IT, and vendors to gather evidence, assess risks, and track remediation activities.

Key Responsibilities (High-Level):

• Assist in policy and standard maintenance and documentation
• Conduct risk and compliance assessments
• Track risk mitigation and compliance remediation activities
• Prepare reports and evidence for audits and assessments
• Support implementation of national frameworks (e.g., NCA ECC)
• Participate in awareness and training efforts

JOB PURPOSE / ROLE

To support the cybersecurity GRC Manager in operationalizing risk management processes, performing compliance checks, developing documentation, and coordinating internal and external audits.

PRINCIPAL DUTIES AND RESPONSBILITIES

• Support the maintenance of cybersecurity policies and procedures in line with national and international standards.
• Conduct and document risk assessments across business and IT assets.
• Perform gap assessments against NCA ECC, ISO 27001, NIST CSF, and other regulatory frameworks.
• Assist in managing and tracking compliance issues and remediation efforts.
• Maintain the risk register and support risk mitigation tracking.
• Prepare audit evidence and support regulatory submissions.
• Assist with third-party/vendor security risk assessments.
• Coordinate with internal teams to gather documentation and evidence for compliance.
• Support awareness campaigns and GRC training programs.
• Prepare reports and dashboards for leadership.

SKILLS / TECHNICAL KNOWLEDGE AREAS

• Well-organized in documentation and reporting.
• Self-initiator and committed to process improvement.
• Knowledge and applied experience in ISO 27001, NCA ECC, and risk methodologies.
• MS Proficiency: Excel, Word, PowerPoint.
• Flexibility to work with cross-functional teams under pressure.

ESSENTIAL EDUCATION QUALIFICATIONS REQUIRED

• Bachelor's degree in Cybersecurity, Information Security, or related field.
• Industry certifications: ISO 27001 Foundation/Implementer, CRISC, CISA.

MINIMUM YEARSEXPERIENCE IN SIMILAR JOB ROLE

• 3+ years of experience in cybersecurity GRC or IT compliance.