NEOM Green Hydrogen Company Limited (NGHC)
NEOM Green Hydrogen Company (NGHC) is an equal joint venture between Air Products, ACWA Power, and NEOM responsible for the development of the NEOM Green Hydrogen Project in the autonomous NEOM region within the Kingdom of Saudi Arabia. The Project will see the construction of the world’s largest plant to produce green hydrogen at scale, producing up to 600 tonnes of carbon-free hydrogen per day through the integration of approximately 4GW of Solar and Wind energy. The plant will produce green ammonia for export to global markets and is scheduled to be onstream in 2026.
JOB DETAILS
Division: Cybersecurity Department
Reports To: Chief of Staff (NGHC Leadership Team)
Liaise/Co-operate With: IT Director, VP Operations, Leadership Team
No. of Direct Reports: 7 to 10
POSITION SUMMARY
The Cybersecurity Senior Manager/Director is responsible for leading cybersecurity work within the organization, establishing the vision and direction for its IT and industrial cybersecurity and related strategies, resources and activities, and advising the leadership on the effective management of the organization’s cyber risks.
The Cybersecurity Manager position requires a leader with relevant experience in managing critical infrastructure, sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem including Operational Technology Cybersecurity.
NATURE & SCOPE
The Cybersecurity Senior Manager/Director reports to the Chief of Staff and works closely with the IT Director. The Cybersecurity Manager should understand the impact of cybersecurity risks on the business and be able to articulate this to senior stakeholders. He/she will establish a comprehensive cybersecurity framework (people, process, technology) and serve as the process owner of assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements.
This position is anticipated to recruit and lead a cybersecurity department of 7-10 employees and multiple vendors providing technology and support services.
PRINCIPAL DUTIES AND RESPONSIBILITIES
Establish Governance and Build Knowledge:
- Develops and oversees IT and Industrial Cybersecurity program management.
- Facilitates an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
- Provides regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
- Develops, socializes and coordinates approval and implementation of security policies, ensuring awareness and compliance with all stakeholders.
- Directs the creation of a targeted information security awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences.
- Guides the selection and implementation of tools and controls for embedding coherent and integrated cybersecurity in the IT & industrial projects, to deliver a Security-by-Design approach and in alignment with national and industry cybersecurity standards (NCA, HCIS, NIST, IEC 62443, etc.).
Set the Strategy:
- Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate.
- Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization.
- Develops and implements the security architecture and processes to protect information and IT & industrial security assets, assuring secure segmentation, monitoring and control of technologies and data.
- Works effectively with business units to facilitate information security risk assessment and risk management processes and empowers them to own and manage risk.
- Develops and implements incident response and crisis management capability to Identify, Detect, Protect, Contain, Respond and Recover from cybersecurity threats in both IT and Industrial Technology domains, ensuring that senior leadership and operational teams are engaged and involved in regular exercises to maintain a proactive state of readiness.
Build the Network and Communicate the Vision:
- Provides input for the Information Security section of the company's code of conduct. Has effective influencing and communication skills at all levels.
- Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
- Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
Operate the Function:
- Creates a risk-based process for the assessment and mitigation of any information and cyber security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
- Works with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
- Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable.
- Defines and facilitates the processes for information and cyber security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
In General:
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT and OT risk management program.
- Lead, coordinate, communicate, integrate and be accountable for the overall success of the Company’s Cybersecurity program, ensuring alignment with enterprise priorities as well as shareholder and regulatory requirements and international cybersecurity best practices.
- Define Company’s Cybersecurity direction and policy, direct resources, and identify programs or infrastructure to achieve desired goals. Develop changes in Cybersecurity strategy to support new initiatives or required changes.
- Manage the process of Cyber governance, developing, updating, reviewing, and approving Information Security policies, procedures and other documents and communicate them to applicable stakeholders.
- Assure Compliance with Legal and Regulatory requirements like NCA regulations, ISO 27001 as well as Audit observations and shareholder requirements.
- Ensure that Cybersecurity Risk Assessments are conducted, provide recommendations on Risk Mitigation and Treatment options, and measure the effectiveness of Cybersecurity controls.
- Oversee the Company’s Information Security Management System (ISMS) to ensure that it operates as specified and aim to achieve certifications that validate compliance with industry and national standards.
- Implement and oversee Cybersecurity tools and supporting resources to enhance the Cybersecurity function’s operational capability as well as that of the Governance Risk and Compliance (GRC) function.
SKILLS / TECHNICAL KNOWLEDGE AREAS:
- Strong functional and technical knowledge of Cybersecurity, Information Security and IT Infrastructure.
- Good knowledge of overall Cybersecurity, Information Security and IT infrastructure including hardware, applications, networks and IT systems and services.
- Strong interpersonal communication skills.
- Strong command of oral and written English.
- Strong Cybersecurity Risk, Governance and Compliance management.
- Strong Cyber program and project management.
- Strong technical knowledge in Infrastructure security, Data Security, Identity and Access Management, GRC, Endpoint protection, Cloud Security, Industrial Control System security, IT/OT Convergence, IoT Security risk management, and Emerging technology cybersecurity risk management such as AI, VR, AR, robotics, blockchains, and digital twins.
QUALIFICATIONS REQUIRED
- Minimum of 10 years in Information Technology, Operational Technology Cybersecurity, particularly in Critical Infrastructure environments, preferably with strong technical knowledge and experience.
- 5 years’ experience in a similar Manager-level role.
- MS / BS in Cybersecurity, Information Security, Computer Science or equivalent.
DESIRED EDUCATION and/or QUALIFICATIONS REQUIRED
Professional security management certification is desirable, such as:
Certified Information Systems Security Professional (CISSP), Global Industrial Control Systems Professional (GICSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Cyber Security Incident Response Professional (CSIRP) or other similar credentials.