Expert (IGCR)– Information Governance, Compliance, and Risk

Sohar, Sultanate of Oman | Posted on 07/29/2025

• Major or specification: Computer and Information Sciences and Support Services
• Nationality: Omani
• City: Sohar
• Country: Sultanate of Oman

SOHAR Port and Freezone is a deep-sea port and freezone in the Sultanate of Oman, managed by SOHAR Industrial Port Company (SIPC), a 50:50 joint venture between the Port of Rotterdam and the Sultanate of Oman.

Cybersecurity Strategy & Operations:

• Develop and implement cybersecurity frameworks, policies, and incident response plans.
• Conduct regular vulnerability assessments, penetration testing, and security audits.
• Ensure security best practices for servers, networks, cloud, and endpoints are implemented by the security operations team.
• Lead the formulation and periodic review of PSFZ's cybersecurity vision, roadmap, and risk posture in alignment with business priorities.
• Ensure the implementation and continual improvement of cybersecurity frameworks and policies across departments.
• Supervise enterprise-wide incident response readiness and resilience.
• Guide and assess the execution of cybersecurity operations performed by the IT and Digitalization functions.
• Define, implement, and maintain robust IT governance structures aligned with COBIT, ISO27001, and NIST standards.
• Ensure adherence to Oman's cybersecurity laws, ISO 27001, GDPR (if applicable), and other regulatory requirements.
• Lead internal and external audits, security assessments, and compliance reviews.
• Maintain cybersecurity policies, ensuring they align with industry best practices and legal obligations.

Technology - Risk Management:

• Establish and continuously refine a technology risk management framework integrated with PSFZ's enterprise risk strategy.
• Identify, assess, and prioritize key risks related to digital systems, third-party services, and data infrastructure.
• Supervise the implementation and testing of Business Continuity and Disaster Recovery (BC/DR) plans.

Business Continuity:

• Participate in the development and implementation of IT disaster recovery and business continuity plans.
• Ensure proper maintenance, safekeeping, backup, and protection of all critical IT systems within normal operation modes in case of a disaster.
• Ensure implementation of regular backup operations, data protection, disaster recovery, and failover procedures.
• Assist in risk management tasks while coordinating with concerned functions.

Leadership Oversight and Cross-functional Collaboration:

• Evaluate and steer the performance of technology functions in meeting IGCR goals and mandates.
• Ensure security and compliance are embedded across all digitalization projects and IT operations.
• Serve as the primary advisor to the VP of Technology and executive leadership on matters related to information and cyber risk.

Security Culture, Awareness & Training:

• Develop enterprise-wide security awareness and behavioral change programs.
• Act as a thought leader and internal ambassador for secure digital transformation.
• Promote a security-first culture across the organization.
• Conduct workshops and training sessions on cybersecurity best practices.

Technology - Incident Management & Response:

• Establish protocols for detecting, responding to, and recovering from security incidents.
• Participate in reviewing and assessing cybersecurity incidents and enhance mitigation and response processes where needed.
• Collaborate with internal teams and external agencies to handle cyber incidents effectively.

Technology - Vendor & Third-Party Risk Management:

• Lead due diligence and risk reviews for all IT and cloud-based vendors.
• Enforce third-party security requirements and monitor ongoing compliance with data protection obligations.
• Assess and manage cybersecurity risks associated with external vendors, cloud providers, and IT service partners. Conduct security evaluations of third-party service providers.
• Ensure vendor compliance with SPFZ's cybersecurity and data protection standards.

• Bachelor's degree in Computer Science, Networking, or related specialization.
• Professional certification in Network administration/Engineering is highly preferable (e.g., CCNA, CCNP).
• Professional certification in Windows Server Technologies is highly preferable (e.g., MCSA, MSCE).

Minimum Experience & Skills:

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.
• Minimum of 10 years of relevant experience, including leadership roles in networking, cybersecurity governance, compliance, and risk management.
• Recognized certifications such as CEH, CCNA, CCNP, CDPSE, CISSP, CISM, CRISC, ISO 27001 Lead Auditor, or equivalent.
• Deep knowledge of risk management frameworks, IT governance models (COBIT, ITIL), and security operations.
• Proven track record of leading enterprise security strategy and working directly with executive leadership.
• Experience in overseeing cross-functional teams or directing cybersecurity efforts across multiple domains.
• Hands-on experience with SIEM solutions, firewalls, endpoint protection, cloud security solutions, and threat intelligence platforms.
• Excellent communication and leadership skills to engage with executives, technical teams, and external regulators.
• Strong problem-solving abilities and an analytical mindset to address cybersecurity challenges proactively.
• Reports directly to the Vice President of Technology.
• Provides strategic oversight over IT and Digitalization functions related to IGCR areas.
• Collaborates with legal, compliance, audit, and executive leadership teams.