About the Job:
The Director – Governance, Risk & Compliance is responsible for leading the development and ongoing enhancement of the digital cluster’s digital governance frameworks and enterprise risk management strategies. This role is pivotal in acting as a driver for progressive outcomes, ensuring that the digital security risk and governance program advances in maturity and control capabilities. The focus is on effectively identifying, detecting, and safeguarding the organization against the constantly evolving digital threat landscape.
The Director plays a key role in impact-oriented planning, prioritization, and performance management, establishing a unified, coordinated approach to digital governance and compliance. This approach aims to bolster and broaden digital risk and governance capabilities while fostering a robust and efficient risk management culture throughout the organization.
Additionally, the Director integrates enterprise architecture principles into these practices, ensuring alignment with the organization's overall digital strategy. They are instrumental in building a strong, cohesive team, committed to achieving results, and provide effective coaching to ensure sustained team engagement and performance in the dynamic field of digital governance and risk management.
KEY RESPONSIBILITIES
Core Responsibilities:
- Developing strategies and policies for digital governance, risk management, and compliance. Analyzing digital trends, cybersecurity laws, and regulations, ensuring that the organization's digital operations align with these requirements while fostering innovation and digital transformation.
- Identifying and mitigating risks specific to the digital landscape, including cybersecurity threats, data privacy issues, and technology-related operational risks. The Director should establish robust digital risk management protocols and lead in assessing and mitigating these risks.
- Ensuring compliance with digital regulations and standards is a core responsibility. This involves monitoring and auditing digital practices, staying updated with changes in the digital regulatory environment, and implementing necessary changes in the organization's digital operations.
- Leading a team specialized in digital GRC. Responsibilities include setting digital-focused goals, guiding the team in digital compliance and risk management practices, and fostering a culture of digital security and ethical behavior.
- Reporting on digital risk management activities, compliance issues, and the effectiveness of digital GRC programs.
- Integrate enterprise architecture principles into GRC practices. This involves understanding how digital technologies and architectures impact governance, risk, and compliance, and ensuring that the digital strategies align with the overall business architecture for optimized performance and risk management.
- Lead and implement the digital cluster’s risk management plan and strategy, communicate expectations and obligations through Senior Executives and managers, and monitor and report on performance to improve the overall risk profile
- Provide technical leadership, processes, tools and support to the digital cluster to successfully implement the risk management framework.
- The role is responsible for delivering governance and privacy functions to the cluster, as well as identifying potential threats to brand reputation, financial sustainability, operational efficiency, workforce investments and safety to fully develop a shared understanding of overall risk exposure.
- Direct and coordinate the delivery of regular risk analysis reports and programs designed to anticipate and minimize threats to the Cluster.
- Lead the development and implementation of Business Continuity Management capability across the cluster.
- Develop, implement, manage and maintain the Department and Cluster governance strategy, policy, systems and processes and monitor and report on performance and compliance to enable the Department and Cluster to deliver its objectives within legal/statutory, public service and ethical obligations.
- Lead and oversee governance staff and resources and prioritize governance activities to better manage and minimize risks and support the strategic objectives of the Cluster
- Fully accountable for the content, accuracy, validity and integrity of advice provided
People Management Responsibilities:
- Accountable for the management of team operations and planning to achieve the overall agreed work program commitments
- Should have considerable autonomy and independence to determine day to day work priorities, deploy resources and allocate duties
- Negotiates matters related to area of responsibility, and makes decisions in relation to the quality of work performed and methods and approaches for how to achieve business outcomes
- Accountable and responsible for the effective management and use of human, financial and other resources within set budget and resource parameters
Strategic Responsibilities:
- Align the risk management strategies and practices as per the cluster vision & requirements
- Makes decisions and acts within Government sector core values, strategic plans and priorities, legislative and regulatory frameworks, delegations, and Department policy and procedural frameworks and guidelines
- Provide expert advice and recommendations on risk identification, assessment and mitigation plans to contribute to informed decision making.
- Provide expert advice, counsel and recommendations on the risk management framework
- Lead the preparation of quality Executive and Group leadership and Audit and Risk Committee reports
- Lead, guide and support all team members
- Work collaboratively with the Governance Team to deliver the Division's objectives
- Set performance expectations and manage team performance and development.
- Negotiate and approve contracts or service level agreements with external providers (e.g. risk management consultants) to ensure optimized return on investment
EDUCATIONAL AND TECHNICAL QUALIFICATIONS:
- 15+ years of experience in Information Security and Digital Governance, including at least 5 years in a management or supervisory role.
- Bachelor’s degree (or equivalent) in Information Security, Computer Science, Management of Information Systems, or Information Management, from a recognized program. An advanced degree in the field is preferred.
- Industry certifications: CISSP, CISM, CGEIT, OSCP, CRISC, CISA.
- Fluency in the English language (speaking, reading and writing)
- A good level of Arabic is preferable
- Must have knowledge of industry leading Information Security Governance and Management Frameworks and practices.
- Must have a practical track record in InfoSec management practices and technologies related to management of enterprise information security and approaches related to information protection.
- Should possess knowledge of information security management and governance regulatory requirements and emerging trends and issues.
- Able to demonstrate consulting skills, with change management concepts and strategies, including communication, culture change, and performance measurement system design.
- Should have knowledge of risk management, business continuity, technology architecture and technology solutions.
- Expected to be widely recognized as a subject matter expert in the information security governance and information protection domain.