Description:
Responsibilities:
Compliance Management:
Develop and implement cybersecurity compliance programs, policies, and procedures in alignment with industry standards and regulations.
Monitor changes in cybersecurity laws and regulations, ensuring the organization's compliance with applicable requirements.
Risk Assessment and Mitigation:
Conduct regular risk assessments to identify and evaluate cybersecurity risks.
Develop and implement strategies to mitigate identified risks and vulnerabilities.
Framework Adherence:
Ensure compliance with relevant cybersecurity frameworks, such as NIST, ISO 27001, GDPR, and others.
Conduct regular assessments to measure and improve adherence to established frameworks.
Internal Audits:
Plan and conduct internal audits to assess the effectiveness of cybersecurity controls and processes.
Collaborate with internal teams to address identified gaps and weaknesses.
External Audits and Certifications:
Coordinate and support external audits and certification processes, ensuring successful outcomes.
Prepare and maintain documentation required for compliance certifications.
Policy Development:
Develop and update cybersecurity policies and procedures in response to changing threats and business requirements.
Communicate policies effectively to ensure awareness and compliance across the organization.
Incident Response Planning:
Collaborate with the incident response team to develop and test incident response plans.
Ensure that incident response plans align with regulatory requirements.
Training and Awareness:
Develop and deliver cybersecurity training programs for employees to enhance awareness and compliance.
Keep stakeholders informed about cybersecurity best practices and compliance obligations.
Qualifications:
Bachelor's degree in Cybersecurity, Information Technology, or a related field; relevant certifications (CISSP, CISM, etc.) are a plus.
Minimum of 5 years of experience in cybersecurity compliance and governance roles.
Deep understanding of cybersecurity principles, risk management, and compliance frameworks.
Experience with regulatory requirements such as SAMA, NCA, GDPR, HIPAA, or other industry-specific standards including but not limited to NIST 800-82 Rev. 3, IEC 62443, NERC CIP, and client-specific standards like Aramco CCC, SEC, SABIC.
Strong analytical and problem-solving skills with attention to detail.
Excellent communication and interpersonal skills, with the ability to interact with diverse stakeholders.
Familiarity with cybersecurity tools, technologies, and best practices.
Organization | Watad Energy & Communications Co. |
Industry | Engineering Jobs |
Occupational Category | Engineer |
Job Location | Al-Dammam, Saudi Arabia |
Shift Type | Morning |
Job Type | Full Time |
Gender | No Preference |
Career Level | Experienced Professional |
Experience | 5 Years |
Posted at | 2023-12-18 1:53 pm |
Expires on | 2025-01-21 |