Question
5-10

Manager -Cybersecurity GRC-Saudi National

12/20/2025

The cybersecurity GRC manager oversees the governance, risk, and compliance program, driving policy lifecycle, assessments, audits, and regulatory alignment. The role also coordinates remediation efforts with AEW Digital Services/IT and serviced entities.

Working Hours

40 hours/week

Company Size

51-200 employees

Language

English

Visa Sponsorship

No

About The Company
Since our founding in 2007, Aljomaih Energy & Water has transformed from a regional entity into a leading player in the energy and water sectors, with projects spanning Asia, Africa, and the Middle East. As a subsidiary of Aljomaih Holding Company, a respected Saudi investment conglomerate, we combine time tested principles with a progressive approach. With a track record of leading or co-developing complex, large-scale power and water projects across multiple geographies, we have become a reliable partner for both local and international stakeholders. From initial project planning to ongoing operation, we embrace excellence, transparency, and adaptability as cornerstones of our success, playing our role in contributing towards Saudi Arabia’s Green Initiative and Vision 2030, as well as global Net Zero ambitions. Power Generation Capacity of 10 GW Aljomaih Energy & Water’s diverse portfolio encompasses a robust capacity of 10 GW across conventional and renewable energy sources, including Combined Cycle Gas Turbine (CCGT), cogeneration, and solar power projects. These energy solutions are tailored to address current and future demands while supporting socio-economic development. Enhancing Water Resources with 700,000 m³/day Capacity With our Independent Water Projects (IWP), Independent Water and Power Projects (IWPP), and Independent Water Treatment Projects (IWTP), we manage desalination and industrial wastewater treatment facilities that deliver around 700,000 m³ of clean water per day. These projects contribute to community resilience and health by ensuring essential, clean water resources are accessible and sustainable for all. Follow our journey to learn more.
About the Role

Overview

The cybersecurity GRC manager helps run the governance, risk, and compliance program across AEW and AEW-served companies. The role is expected to drive policy lifecycle, assessments, audits, exceptions, third-party risk, and regulatory alignment. Role is expected to coordinate remediation with AEW Digital Services/IT and counterparts at serviced entities.

Key Responsibilities

Governance & Policy

  • Maintain AEW’s cybersecurity policy/standard/procedure library; run annual review cycle; map to ECC-2:2024 and other applicable NCA controls (OTCC/CSCC/OSMACC) and relevant international baselines (e.g., ISO 27001).
  • Publish and track mandatory control exceptions with end dates and risk acceptance.

Compliance & Assurance

  • Plan and run internal assessments for AEW and serviced entities; prepare for external inspections; maintain evidence library.
  • Use the NCA ECC-2 Assessment & Compliance Tool when applicable; produce gap analyses and remediation plans.

Risk Management

  • Maintain the cyber risk register; facilitate business-owned risk decisions; integrate with enterprise risk.
  • Run control design/effectiveness reviews ahead of audits.

Third-Party & Cloud

  • Ensure enforcement of third party cybersecurity controls in line with ECC-2:2024 “third-party and cloud computing” domain.
  • Coordinate with Procurement and Legal.

Awareness & Training

  • Define compliance-focused awareness training plan and track completion.

Reporting & Governance

  • Provide monthly KPI packs to the Head of Digital Services and Cybersecurity Steering Committee.

Qualifications & Skill Sets

  • Bachelor’s degree. 3–7 years in cybersecurity GRC or audit.
  • Proven work with NCA frameworks (ECC-2:2024; plus OTCC/CSCC/OSMACC as applicable to entity scope).
  • Strong policy writing, audit, and risk facilitation skills; Arabic and English business proficiency.
  • Preferred: ISO/IEC 27001 LA/LI, CISM, CRISC (or equivalent).

Travel

Regular travel within Saudi Arabia and other relevant countries as required by the business.

Key Skills
CybersecurityGovernanceRisk ManagementCompliancePolicy WritingAuditRisk FacilitationNCA FrameworksISO 27001ArabicEnglishThird-Party RiskCloud ComputingTrainingReportingKPI Tracking
Categories
TechnologyManagement & LeadershipSecurity & SafetyConsultingData & Analytics
Apply Now

Please let Al Jomaih Energy and Water know you found this job on InterviewPal. This helps us grow!

Apply Now
Prepare for Your Interview

We scan and aggregate real interview questions reported by candidates across thousands of companies. This role already has a tailored question set waiting for you.

Elevate your application

Generate a resume, cover letter, or prepare with our AI mock interviewer tailored to this job's requirements.

Tailor my ResumeWrite my cover letterFind Your Cover Letter