Posted: 1 day ago
Platform: Remote
Contractual
Role: Cybersecurity & GRC Manager
Work experience: 8+ Years
Work location: Remote
Client Industry & location: Steel industry & Saudi Arabia
Job Summary
The Cybersecurity & GRC Manager is responsible for establishing and maintaining a robust cybersecurity and governance framework tailored to the steel manufacturing industry in Saudi Arabia. This role ensures full compliance with NCA Essential Cybersecurity Controls (ECC), ISO/IEC 27001, and IEC 62443 for IT and OT environments, protecting enterprise systems such as SAP S/4HANA, industrial automation, and network infrastructure. The position focuses on risk management, policy governance, incident response, and compliance maturity, supporting the Group IT Director in aligning cybersecurity with business strategy and Vision 2030 objectives.
Key Responsibilities
1. Cybersecurity Governance & Strategy
• Develop and maintain a Cybersecurity Governance Framework aligned with NCA ECC, ISO 27001, and IEC 62443.
• Define policies, standards, and procedures to protect IT and OT systems across all plants.
• Establish a cybersecurity roadmap integrated with the organization’s business and IT strategies.
• Provide advisory support to leadership on risk posture, compliance, and regulatory readiness.
2. Risk Management & Compliance
• Conduct risk assessments across SAP, infrastructure, and OT/ICS environments.
• Maintain and update the Cyber Risk Register and track mitigation progress.
• Lead compliance initiatives for:
o NCA Essential Cybersecurity Controls (ECC)
o ISO/IEC 27001:2022 (ISMS)
o IEC 62443 for industrial control systems
• Coordinate internal and external audits, and prepare evidence for certification and inspections.
• Ensure adherence to Saudi data protection regulations and Vision 2030 cybersecurity directives.
3. Industrial (OT) Cybersecurity
• Collaborate with plant operations, automation, and engineering teams to secure PLC, SCADA, DCS, and IoT devices.
• Implement network segmentation, access controls, and threat monitoring for OT systems.
• Conduct vulnerability assessments and ensure secure integration between SAP, MES, and production systems.
4. Security Operations & Incident Management
• Oversee security operations (SOC, SIEM, firewalls, endpoint protection, IDS/IPS).
• Define and maintain a Cybersecurity Incident Response Plan.
• Lead or support incident investigations, root cause analysis, and reporting.
• Coordinate with external providers or authorities (e.g., the NCA) during major incidents.
5. Awareness & Training
• Develop and deliver cybersecurity awareness programs for IT, OT, and business staff.
• Conduct specialized training for plant engineers, system administrators, and key users.
• Foster a security-first culture across the organization.
6. Advisory for Digital Systems
• Review new IT and OT projects, SAP enhancements, and infrastructure changes for security compliance.
• Ensure all technology initiatives follow security-by-design and risk-based principles.
• Validate vendor compliance with organizational cybersecurity policies.
7. Reporting & Governance
• Provide monthly reports to the Group IT Director covering:
o Cyber risk posture
o Incident and vulnerability status
o Compliance maturity
o Key metrics and improvement actions
• Prepare quarterly presentations for executive management and audit committees.
Skills & Competencies
• Deep knowledge of NCA ECC, ISO/IEC 27001, IEC 62443, and NIST CSF.
• Strong understanding of industrial cybersecurity and OT network protection.
• Experience with SAP security, identity management, and data governance.
• Analytical mindset with ability to assess risks and design mitigation strategies.
• Excellent communication and leadership skills to engage cross-functional teams.
• Proven track record in manufacturing, industrial, or steel environments.
Qualifications
• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or Engineering.
• Certifications preferred:
o CISM, CISSP, or CRISC
o ISO/IEC 27001 Lead Implementer or Auditor
o IEC 62443 Cybersecurity Specialist
o NCA ECC Practitioner or Consultant
• Minimum 8+ years of experience in cybersecurity and GRC, with at least 3 years in industrial or manufacturing sectors.
Key Deliverables
• Approved Cybersecurity Governance Framework and Policies
• Maintained Cyber Risk Register
• Implemented Incident Response Plan
• Quarterly Compliance & Maturity Reports
• Continuous readiness for NCA and ISO audits
• Security awareness program for all staff
Engagement Scope (Part-Time)
• 2–3 days per week (on-site and remote hybrid)
• Strategic and advisory role with operational oversight
• Direct reporting to Group IT Director
• Close coordination with Infrastructure, OT, SAP, Audit, Operations and HR teams
Support Studio Technologies
Salary: Not disclosed