Expert – Information Technology Governance, Compliance, and Risk

Expert – Information Technology Governance, Compliance, and Risk (IGCR)Expert – Information Technology Governance, Compliance, and Risk (IGCR)

Direct message the job poster from SOHAR Port and Freezone

People Manager at SOHAR Port and Freezone

The Expert – IGCR plays a critical leadership role in safeguarding SOHAR Port and Freezone digital assets, ensuring regulatory compliance, and embedding cybersecurity and risk-aware governance across the organization. As a senior advisor and oversight authority, this role drives the strategic alignment of information security, technology governance, compliance, and risk management with SOHAR Port and Freezone overall business objectives.

Cybersecurity Strategy & Operations

• Develop and implement cybersecurity frameworks, policies, and incident response plans.
• Conduct regular vulnerability assessments, penetration testing, and security audits.
• Ensure security best practices for servers, network, cloud and endpoints are in implemented by the security operation team.
• Lead the formulation and periodic review of PSFZ's cybersecurity vision, roadmap, and risk posture in alignment with business priorities.
• Ensure the implementation and continual improvement of cybersecurity frameworks and policies across departments.
• Supervise enterprise-wide incident response readiness and resilience.
• Guide and assess the execution of cybersecurity operations performed by the IT and Digitalization functions

Technology Governance & Compliance

• Define, implement, and maintain robust IT governance structures aligned with COBIT, ISO 27001, and NIST standards.
• Ensure adherence to Oman's cybersecurity laws, ISO 27001, GDPR (if applicable), and other regulatory requirements.
• Lead internal and external audits, security assessments, and compliance reviews.
• Maintain cybersecurity policies, ensuring they align with industry best practices and legal obligations.

Technology - Risk Management

• Establish and continuously refine a technology risk management framework integrated with PSFZ's enterprise risk strategy.
• Identify, assess, and prioritize key risks related to digital systems, third-party services, and data infrastructure.
• Supervise the implementation and testing of Business Continuity and Disaster Recovery (BC/DR) plans.

Business Continuity

• Participate in development and implementation of IT disaster recovery plan and business continuity plan.
• Ensure proper maintenance, safekeeping, back up, and protection of all critical IT systems within the normal operation mode in case of a disaster.
• Ensure implementation of regular backup operations, data protection, disaster recovery, and failover procedures.
• Assist in the risk management tasks while coordinating with the concerned functions.

Leadership Oversight and Cross-functional Collaboration

• Evaluate and steer the performance of technology functions in meeting IGCR goals and mandates.
• Ensure security and compliance are embedded across all digitalization projects and IT operations.
• Serve as the primary advisor to the VP Technology and executive leadership on matters related to information and cyber risk.

Security Culture, Awareness & Training

• Develop enterprise-wide security awareness and behavioral change programs.
• Act as a thought leader and internal ambassador for secure digital transformation.
• Promote a security-first culture across the organization.
• Conduct workshops and training sessions on cybersecurity best practices.

Technology - Incident Management & Response

• Establish protocols for detecting, responding to, and recovering from security incidents.
• Participate in reviewing and assessing the cybersecurity incident and enhance the mitigation and response process where needed.
• Collaborate with internal teams and external agencies to handle cyber incidents effectively.

Technology - Vendor & Third-Party Risk Management

• Lead due diligence and risk reviews for all IT and cloud-based vendors.
• Enforce third-party security requirements and monitor ongoing compliance with data protection obligations.
• Assess and manage cybersecurity risks associated with external vendors, cloud providers, and IT service partners. Conduct security evaluations of third-party service providers.
• Ensure vendor compliance with SPFZ's cybersecurity and data protection standards.
• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Networking or related specialization.
• Professional certification in Network administration\Engineering is highly preferable. E.g. CCNA, CCNP.
• Professional certification in Windows Server Technologies is highly preferable. E.g. MCSA, MSCE.
• Minimum of 10 years of relevant experience, including leadership roles in networking, cybersecurity governance, compliance, and risk management.
• Deep knowledge of risk management frameworks, IT governance models (COBIT, ITIL), and security operations.
• Proven track record of leading enterprise security strategy and working directly with executive leadership.
• Experience in overseeing cross-functional teams or directing cybersecurity efforts across multiple domains.
• Hands-on experience with SIEM solutions, firewalls, endpoint protection, cloud security solutions, and threat intelligence platforms.

Seniority level

• Seniority levelMid-Senior level

Employment type

• Employment typeFull-time

Job function

• Job functionInformation Technology
• IndustriesTransportation, Logistics, Supply Chain and Storage

Referrals increase your chances of interviewing at SOHAR Port and Freezone by 2x

Get notified about new Information Technology Expert jobs in Sohar, Al Batinah North Governorate, Oman.

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

---