Cybersecurity Governance Risk & Compliance Controller

MAIN DUTIES AND RESPONSIBILITIES:

• Organize and conduct initial review of cybersecurity-related regulations, standards and best practices including cybersecurity incidents, threats and attacks that originate from internal and external IT environment. Prepare cybersecurity policies and procedures including roles, strategy and other related documentations in line with the organization’s IT security requirements, government regulations and all cybersecurity standards.
• Establish a risk management strategy for MNGHA that includes a determination of risk tolerance. Develop security risk profiles of computer systems by assessing threats to, and vulnerabilities of, those systems. Work with others to implement and maintain a cybersecurity risk management program.
• Conduct an initial cybersecurity risk assessment of stakeholder assets and update the risk assessment on an ongoing basis. Identify and coordinate with appropriate staff on specific roles associated with the execution of the Risk Management Framework.
• Work with stakeholders to develop cybersecurity policies and associated documentation in alignment with the organization cybersecurity strategy and to resolve cybersecurity incidents and vulnerability compliance issues. Seek consensus on proposed cybersecurity policy changes from stakeholders. Keep an open communication with internal and external entities on information that will assist in determining best practices in establishing and improving the organization IT security policies and risks control.
• Develop and conduct cybersecurity awareness programs. Establish and maintain appropriate communication channels with stakeholders. Maintain awareness of applicable privacy laws, regulations, and accreditation standards. Work with organizational officials to ensure continuous monitoring tool data provides situation awareness of risk levels.
• Review, conduct, or participate in audits of cyber programs and projects.
• Monitor and evaluate a system's compliance with cybersecurity, resilience, and dependability requirements. Provide an accurate technical evaluation of software applications, systems, or networks and document their compliance with agreed cybersecurity requirements. Prepare an appropriate mechanism for key performance indicators (KPIs) of cybersecurity compliance and share it with the management.
• Maintain knowledge of applicable legislation, regulation, and accreditation standards and regularly review these to ensure continuous organizational compliance. Cooperate with relevant regulatory agencies and other legal entities in any compliance reviews or investigations.
• Perform other job-related duties

• Area specific applications/systems, tools and equipment
• Work-stream leads, subordinates
• All internal and external disciplines, government entities
• Expected to use critical-thinking stills to reach objective conclusions
• High paced environment with intense deadlines
• Handling multiple projects simultaneously
• Great deal of details and accuracy
• Perpetual interaction with relevant stakeholders
• Occasional overtime, on call, weekend, and holiday work might be required

Certified in Cybersecurity Governance, Risk and Compliance (GRC) or in any Cybersecurity-related field – Preferred

Minimum of 5 (five) years’ IT-related experience in comparable environment, 3 (three) years of which in cybersecurity or similar field – Essentia

English Language: Level – I – Essential

Computer : Level – I – Essential

Cybersecurity, Network Engineering & Security, Information Systems, Computer Science