Manager, Cyber Regulations and Governance
About the job
Job Title: Manager, Cyber Regulations and Governance
LOCATION: Abu Dhabi, UAE
Job Summary:
The Manager, Cyber Regulation and Governance, manages the development and implementation of cybersecurity regulatory assurance and reporting requirements across the TAQA Group, including IWPPs and non-operated assets defined by the UAE regulatory authority. This role is responsible for delivering a comprehensive Cyber Regulation and Governance program that aligns with regulatory and government policies, collaborating with a globally dispersed team of cybersecurity practitioners. Additionally, the Manager, Cyber Regulation and Governance oversees the formal risk assessment process to identify deviations from regulations and internal policies, ensuring accurate reporting to governmental entities.
General Responsibilities:
- Strategy and Planning
  - Implement the organizational strategy in line with the business vision, mission, and corporate objectives, as well as the Group delegation of authority policy.
  - Ensure that the overall business strategy is translated into annual operational business plans and the performance is monitored to ensure business plans are in line with the overall growth plan.
- Policy, Procedures, Process, and Systems
  - Implement policy, systems, processes, procedures, and controls covering all functional areas in line with Group delegation of authority policy to ensure fulfillment of all relevant procedural/legislative requirements while consistently delivering quality and cost-effective service.
- Reporting
  - Ensure all divisional reports are completed on time and comply with HQ and business policies and standards.
  - Manage the preparation of periodical management reports and progress reports to keep the senior management informed about the progress of various initiatives and to facilitate decision-making.
  - Comply with organization requirements in a timely manner.
Job Specific Responsibilities:
- Develop and maintain robust cybersecurity governance frameworks, policies, and procedures in line with global and regional regulations.
- Deliver a highly effective Cyber Risk, Assurance, and Advisory function across TAQA Group and IWPPs, ensuring consistent implementation of cyber risk assessments and identification of suitable mitigating controls.
- Maintain and update TAQA Group's IT cybersecurity policies and standards, incorporating changes in legislation and emerging industry risks.
- Ensure that first-line assurance activities are conducted to confirm the effectiveness of controls, including compliance with TAQA Group cyber policies and governmental regulations.
- Implement and manage a standardized cybersecurity risk assessment process that engages the business from initial impact assessment to final risk sign-off.
- Conduct comprehensive risk assessments to identify vulnerabilities and threats to TAQA’s information assets, ensuring that risk management strategies are effectively implemented and monitored.
- Provide technical cyber assurance across TAQA Group, IWPPs, and other non-operated assets, ensuring comprehensive security coverage and visibility from a Security Operations Center (SOC) perspective.
- Assist in reviewing technical architectures as part of the formal Risk Assessment of Systems to ensure security measures are integrated.
- Develop and maintain reporting dashboards tailored to various stakeholders, including the TAQA Executive Team, Department of Energy (UAE), and Cybersecurity Council (UAE), ensuring relevant metrics are produced to support communication efforts.
- Initiate assurance programs to assess the cybersecurity maturity of regional operations, maintaining a maturity heat map for tracking progress.
- Ensure transparency regarding the cyber risks faced by the organization, embedding these risks within regional and group risk registers and tracking actions to address gaps for reporting to the Cyber Security Steering Committee (CSSC).
- Collaborate closely with Group Risk and related organizations across all TAQA entities to produce an integrated view of risk for TAQA leadership.
- Collaborate with the Cyber Operations & Threat Intelligence team to ensure that lessons learned from cybersecurity incidents are integrated into future risk assessments and governance practices.
- Conduct regular audits and reviews to assess the effectiveness of cybersecurity governance frameworks and controls, ensuring that findings are addressed in a timely manner.
- Identify opportunities for continuous improvement in cybersecurity governance processes and practices, leveraging industry best practices and lessons learned from incidents.
- Leadership
  - Model continuous improvement and professional development. Make decisions with integrity, transparency, and a focus on the entity's goals, ensuring Safe is maintained as a core principle.
- Talent Management
  - Execute talent development initiatives focused on skill enhancement and career progression. Upskill key resources across the TAQA Group and ensure a team culture connected to the organization’s larger purpose.
- Culture
  - Champion the organization’s values within the dispersed team, encouraging a collaborative and innovative work environment.
- Communication
  - Empower the dispersed team to make informed decisions. Ensure clear communication, both up and down the chain, aligning with organizational objectives.
These responsibilities are representative, and the role holder is also responsible for any other job assigned by the superior authorities from time to time.
Essential Requirements
- Bachelor’s degree in Engineering, Computer Science, OT, or equivalent
- 8+ years of experience in cybersecurity
- Accredited certifications such as CISSP, CISA, CISM, or equivalent
- Extensive experience with regulatory compliance and cybersecurity standards (e.g., UAE IA, NIST, ISO 27001, IEC 62443).
- Understanding of government regulations related to cybersecurity for critical infrastructure
- Executive presence, including experience in liaising with regulation and governmental bodies
Preferred Requirements
- Master’s degree in Information Security, Computer Networks, or equivalent
- 10+ years of management experience in OT cybersecurity or a similar role
- Direct experience across multiple countries related to governmental/regulation reporting and interaction
- Advanced certifications such as CCSP, SCADA Security, or CRISC.