Manager - Cybersecurity Governance, Risk & Compliance; GRC

Location: Muscat (Tax Free) | Full-time, External | Posted 1 day ago
Salary: 271.3k - 361.7k / yr
Position: Manager - Cybersecurity Governance, Risk & Compliance (GRC)

Overview

Job Purpose:

The Manager – Cybersecurity Governance, Risk & Compliance (GRC) leads the design, implementation, and maintenance of the Bank's cybersecurity governance, risk, and compliance framework. He/She ensures compliance with regulatory requirements, international standards, and internal policies while strengthening information security governance, risk oversight, and assurance.

The Manager – Cybersecurity GRC manages ISMS, cybersecurity risk management, access governance, data protection, AI governance, and third-party security compliance to safeguard the Bank's information assets and operational resilience.

Key Accountabilities

- Maintains the Bank's ISO 27001 certification and ensures ongoing compliance with ISMS requirements.
- Develops, reviews, and governs information security policies, standards, and procedures in line with regulatory and industry best practices under the supervision of the line manager.
- Administers ISMS documentation, related internal audits, management reviews, and continuous improvement activities.
- Ensures compliance with cybersecurity regulations and directives issued by CBO, MTCIT, CDC, and other applicable authorities.
- Monitors regulatory developments and updates cybersecurity governance frameworks accordingly.
- Owns and maintains the cybersecurity risk register and ensures risks are identified, assessed, prioritized, and treated.
- Tracks audit findings, risk treatment actions, and control gaps and ensures timely remediation and closure.
- Coordinates cybersecurity audits with internal audit, external auditors, and regulators and ensures successful audit outcomes.
- Establishes and governs access management and privileged access frameworks in alignment with regulatory and internal requirements.
- Manages role-based access reviews, privileged access reviews, and enforcement of Privileged Access Management (PAM) controls.
- Collaborates cross-functionally with relevant stakeholders to ensure timely access revocation for employees, contractors, and vendors.
- Acts as the ISO approver for critical access changes and ensures proper authorization and security review.
- Defines and implements AI governance and security frameworks to ensure ethical, secure, and compliant AI adoption.
- Ensures AI solutions comply with data protection, cybersecurity, and regulatory requirements.
- Develops and enforces data privacy and protection policies in line with local and international regulations.
- Manages privacy impact assessments and data protection impact assessments for systems, projects, and third parties.
- Ensures effective processes are in place to support data subject rights and regulatory obligations.
- Manages data breach response, escalation, and regulatory notification in accordance with defined timelines.
- Supports business continuity and disaster recovery planning by embedding cybersecurity requirements into resilience frameworks.
- Administers third-party and MSSP security compliance, assessments, and ongoing monitoring.
- Ensures cybersecurity controls are integrated into change management and project delivery processes.
- Chairs and participates in cybersecurity governance forums and steering committees, and tracks associated action items.
- Drives cybersecurity awareness programs and promotes a culture of security accountability across the Bank.
- Provides regular cybersecurity risk, compliance, and governance reporting to senior management and relevant committees.
- Develops and enforces data privacy and protection policies and manages data subject rights in compliance with Oman's Personal Data Protection Law, CBO guidelines, GDPR, ISO 27701 (PIMS), MTCIT, and CDC requirements.
- Conducts privacy and data protection impact assessments, oversees data breach response and regulatory notification, and ensures third-party and vendor compliance with applicable privacy and regulatory obligations.

Qualifications and Experience

- Bachelor's degree in Information Technology, Cybersecurity, Information Systems, or a related discipline.
- A professional certification in Cyber and Information Security (e.g., CGRC, CRISC, CGEIT, CDPSE, GRCP, etc.) is desired.
- A minimum of 5 years of experience in cybersecurity governance, risk management, IT audit, or IT security within the banking sector.
- Proven experience with cybersecurity frameworks, particularly ISO 27001, and regulatory engagement with CBO, MTCIT, and CDC.
- Awareness of Central Bank of Oman (CBO) regulations in the related area.
- Strong access governance and privileged access management expertise.

Applications will be accepted until 15-Feb-2025 at 2:00 P.M. Submissions received after this date and time will not be considered.