JOB DETAILS
Manager - Cybersecurity GRC - Saudi National
Company: Al Jomaih Energy and Water
Location: Dammam
Work Mode: On Site
Posted: December 20, 2025

About The Company
Since our founding in 2007, Aljomaih Energy & Water has transformed from a regional entity into a leading player in the energy and water sectors, with projects spanning Asia, Africa, and the Middle East.
As a subsidiary of Aljomaih Holding Company, a respected Saudi investment conglomerate, we combine time-tested principles with a progressive approach.
With a track record of leading or co-developing complex, large-scale power and water projects across multiple geographies, we have become a reliable partner for both local and international stakeholders.
From initial project planning to ongoing operation, we embrace excellence, transparency, and adaptability as cornerstones of our success, playing our role in contributing towards Saudi Arabia’s Green Initiative and Vision 2030, as well as global Net Zero ambitions.
Power Generation Capacity of 10 GW
Aljomaih Energy & Water’s diverse portfolio encompasses a robust capacity of 10 GW across conventional and renewable energy sources, including Combined Cycle Gas Turbine (CCGT), cogeneration, and solar power projects. These energy solutions are tailored to address current and future demands while supporting socio-economic development.
Enhancing Water Resources with 700,000 m³/day Capacity
With our Independent Water Projects (IWP), Independent Water and Power Projects (IWPP), and Independent Water Treatment Projects (IWTP), we manage desalination and industrial wastewater treatment facilities that deliver around 700,000 m³ of clean water per day. These projects contribute to community resilience and health by ensuring essential, clean water resources are accessible and sustainable for all.
Follow our journey to learn more.
About the Role
Overview
The cybersecurity GRC manager helps run the governance, risk, and compliance program across AEW and AEW-served companies. The role is expected to drive the policy lifecycle, assessments, audits, exceptions, third-party risk, and regulatory alignment. It is also expected to coordinate remediation with AEW Digital Services/IT and counterparts at serviced entities.
Key Responsibilities
Governance & Policy
- Maintain AEW’s cybersecurity policy/standard/procedure library; run annual review cycle; map to ECC-2:2024 and other applicable NCA controls (OTCC/CSCC/OSMACC) and relevant international baselines (e.g., ISO 27001).
- Publish and track mandatory control exceptions with end dates and risk acceptance.
Compliance & Assurance
- Plan and run internal assessments for AEW and serviced entities; prepare for external inspections; maintain evidence library.
- Use the NCA ECC-2 Assessment & Compliance Tool when applicable; produce gap analyses and remediation plans.
Risk Management
- Maintain the cyber risk register; facilitate business-owned risk decisions; integrate with enterprise risk.
- Run control design/effectiveness reviews ahead of audits.
Third-Party & Cloud
- Ensure enforcement of third-party cybersecurity controls in line with the ECC-2:2024 “third-party and cloud computing” domain.
- Coordinate with Procurement and Legal.
Awareness & Training
- Define compliance-focused awareness training plan and track completion.
Reporting & Governance
- Provide monthly KPI packs to the Head of Digital Services and Cybersecurity Steering Committee.
Qualifications & Skill Sets
- Bachelor’s degree. 3–7 years in cybersecurity GRC or audit.
- Proven work with NCA frameworks (ECC-2:2024; plus OTCC/CSCC/OSMACC as applicable to entity scope).
- Strong policy writing, audit, and risk facilitation skills; Arabic and English business proficiency.
- Preferred: ISO/IEC 27001 LA/LI, CISM, CRISC (or equivalent).
Travel
Regular travel within Saudi Arabia and other relevant countries as required by the business.
Key Skills
Cybersecurity, Governance, Risk Management, Compliance, Policy Writing, Audit, Risk Facilitation, NCA Frameworks, ISO 27001, Arabic, English, Third-Party Risk, Cloud Computing, Training, Reporting, KPI Tracking
Categories
Technology, Management & Leadership, Security & Safety, Consulting, Data & Analytics
Job Information
Core Responsibilities
The cybersecurity GRC manager oversees the governance, risk, and compliance program, driving policy lifecycle, assessments, audits, and regulatory alignment. The role also coordinates remediation efforts with AEW Digital Services/IT and serviced entities.
Job Type: full time
Experience Level: 5-10
Company Size: 115
Visa Sponsorship: No
Language: English
Working Hours: 40 hours