Industrial Cybersecurity Governance, Risk, and Compliance Manager

COMPANY OVERVIEW                                                                            

NEOM is an accelerator of human progress and a vision of what a new future might look like. A region in northwest Saudi Arabia on the Red Sea, NEOM is being built from the ground up to include hyperconnected, cognitive cities, ports, next-generation infrastructure and industries, enterprise zones, research centers, sports and entertainment venues and tourist destinations.

As a destination, it will be a home for people who dream big and want to be part of building a new model for exceptional livability, creating thriving businesses and reinventing environmental conservation.

As a workplace, it is a place for people who share our core values of care, curiosity, diversity, passion, respect, and becoming a catalyst for change.

Are you ready to help NEOM find solutions to the world’s most pressing challenges? Are you prepared to create a lasting legacy that benefits generations to come? Then we want to hear from you!

ROLE OVERVIEW

An Industrial Cybersecurity Governance, Risk, and Compliance Manager is responsible for overseeing the cybersecurity risks associated with industrial environments, such as manufacturing plants, power plants, and other critical infrastructure facilities. This role typically encompasses a variety of responsibilities to ensure the security and integrity of industrial control systems (ICS), operational technology (OT), and the Internet of Things (IoT) devices.

ROLE COMPETENCIES & ACTIVITIES

The Industrial Cybersecurity Governance, Risk and Compliance Manager responsibilities will include, but not be limited to:

Governance Development:

• Develop, implement, and maintain a robust OT governance framework that aligns with overall business strategies and corporate governance policies.
• Establish OT-specific policies, standards, and procedures that guide and control the organization’s operational technology practices.

Risk Management:

• Lead comprehensive risk assessments to identify vulnerabilities and threats to OT systems.
• Implement risk management strategies and mitigation plans to address identified risks and ensure they are managed within acceptable tolerance levels.
• Conduct regular reviews and updates of risk management protocols to adapt to new technologies, processes, or changes in the threat landscape.

Compliance Oversight:

• Oversee and ensure adherence to all applicable local, national, and international regulatory requirements and standards that affect OT systems.
• Regularly audit OT systems and practices to ensure compliance, documenting findings and implementing corrective actions as needed.
• Stay abreast of changes in regulatory environments and update compliance strategies accordingly.

Security Enhancements:

• Collaborate with IT and cybersecurity teams to integrate state-of-the-art cybersecurity technologies and best practices with operational technology systems.

Stakeholder Engagement:

• Act as the primary point of contact for OT governance, risk, and compliance within the organization, ensuring clear communication and reporting lines.
• Prepare and deliver detailed reports and presentations to senior management and board members on OT risk and compliance statuses, strategies, and improvements.
• Engage with external stakeholders including regulators, partners, and industry groups to ensure alignment and compliance with external standards and practices.

Team Leadership:

• Lead, mentor, and develop the OT governance, risk, and compliance team, fostering a culture of continuous improvement and professional growth.
• Manage resource allocation and team performance, setting clear goals and expectations, and providing regular feedback.

Culture and Values

• Embrace NEOM’s culture and Values https://www.neom.com/en-us/about.
• Act with honesty and integrity by following best practices, and upholding the robust standards and expectations set out in NEOM’s Code of Conduct.
• Maintain fair, ethical and professional work practices in accordance with NEOM’s Values and Code of Conduct.
• Adhere to NEOM’s Policies, procedures, and controls to ensure compliance with rules. 

EXPERIENCE & QUALIFICATIONS

Knowledge, Skills and Experience

• The ideal candidate will possess an in-depth understanding of industrial control systems including SCADA, PLCs, and other OT technologies.
• This role requires at least 15 years of substantial experience in risk management, compliance, or governance, specifically in operational technology settings, as well as a thorough knowledge of relevant industry regulations and standards.
• Strong analytical skills are essential for identifying and mitigating risks in complex systems and environments.
• The candidate must have excellent communication skills to effectively articulate complex issues to both technical and non-technical stakeholders and should demonstrate proven leadership abilities to guide and develop a diverse team.
• The ability to navigate and manage cross-functional collaborations is also crucial for success in this role.

Qualifications
 

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, Engineering, or a related field. A master’s degree in a relevant field can be advantageous.
• Certifications relevant to cybersecurity such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Industrial Cyber Security Professional (GICSP), Certified Ethical Hacker (CEH), or other specialized certifications like ISA/IEC 62443.