Specialist II, Governance Risk and Compliance

Policies, Processes & Procedures

• Adhere to organizational policies and procedures to ensure compliance and maintain a productive work environment.

• Implement and uphold the security protocols to protect the well-being of all employees and company assets.

• Comply with the standards and controls issued by the National Cybersecurity Authority (NCA), SDAIA, NDMO, in all relevant tasks and responsibilities.

Main Areas of Responsibility

• Supervise and monitor IT environments and related functions to ensure compliance with applicable security policies, standards, and regulatory requirements, including effective implementation of Segregation of Duties (SoD).

• Supervise the detection of deviations from established security policies, procedures, and role mappings, analyse findings and report discrepancies to management for timely remediation.

• Supervise and monitor IT environments and related functions to ensure compliance with organizational policies and regulatory requirements.

• Supervise & Prepare plans and ensure the completion of deliverables related to Findings as required.

• Supervise & Assign tasks and issues related to Findings / Observations from Control Functions as required, monitor to ensure progress and timely completion.

• Supervise & Interact with Audit, Risk and Compliance Functions within NCA, i.e. First-Point-of-Contact for Control Functions within IT Unit.

• Supervise & Maintain IT Risk Register and IT Risks appropriately in order to minimize impacts on IT operations, delivery of functionality, costs or timeframes.

• Supervise all IT Audit Findings (Internal / External) and follow-up for closure in coordination with related IT Units and other Departments, HQ, Branches.

• Supervise in Work with Internal Audit Team and External Audit consultants as appropriate on required IT Assessments and Audits

• Supervise and track all IT and Security related audits including scope of audits, timelines, and outcomes.

• Supervises in Provide guidance, evaluation and advocacy on audit responses.

• Support the creation governance policies, procedures, and guidelines, SOP.

• Collaborate with various departments to implement and maintain governance frameworks.

• Participate in internal and external assessments to ensure continual improvement of governance and compliance initiatives.

• Review and validate the Access Review user for IT financial systems.

• Prepare documentation and evidence for internal and external audits for NCA, ISO, PDPL, NDMO, SDAIA.

• Ensure incident handling aligns with policies and Procedures.

• Support security awareness and policy training programs for IT and business units.

• Provide compliance guidance to application owners, system admins, and stakeholders.

• Perform regular control and Risk management, gap analysis on IT and cybersecurity controls.

Miscellaneous Duties

• Perform additional tasks as required to support team objectives and broader business goals.

Qualification Bachelor's Degree

• Category Computer Science, IT or equivalent

• Other Requirements

· Preferred Certifications in Risk and Information Systems Control

· ISO/IEC 27001 Lead Implementer Auditor

• Years of Experience

· 3 – 4 years of relevant experience

· Experience in Quality and process improvements projects