Director, GRC & Cybersecurity (859)

Overview

Lead the Governance, Risk, Compliance, and Cybersecurity functions to ensure SOPC’s regulatory compliance, enterprise resilience, and digital security. The Director owns the enterprise risk management framework, business continuity, and cybersecurity governance, ensuring full compliance with national directives such as PDPL and NCA. The Director provides oversight and guidance to SOPC functions, enabling them to operate within defined risk appetites and ensuring alignment with SOPC’s governance and operational priorities. The position strengthens SOPC’s second line of defense through integrated risk oversight, compliance monitoring, and cyber readiness.

Responsibilities

• Enterprise Risk Management : Lead the development, implementation, and continuous improvement of SOPC’s enterprise risk management framework, including risk appetite, taxonomy, and assessment methodologies.
• Maintain and oversee risk registers across SOPC and federations, ensuring risks are identified, evaluated, and mitigated in line with strategic objectives.
• Coordinate enterprise-level risk reporting and escalation mechanisms, ensuring transparency and timely decision-making by the CEO and Audit Committee.
• Partner with Internal Audit to align audit priorities with enterprise risk exposures and provide regular updates on residual risks.
• Cyber Strategy & Governance : Oversee SOPC’s cybersecurity strategy, policies, and frameworks, ensuring alignment with national cybersecurity directives and international standards.
• Ensure the implementation of incident response protocols, access control systems, and data protection mechanisms that safeguard SOPC’s digital assets and sensitive information.
• Lead cyber risk assessments and maturity reviews, identifying vulnerabilities and ensuring mitigation measures are implemented effectively.
• Collaborate with the Digital Transformation and IT functions to maintain secure technology environments and align cybersecurity architecture with operational priorities.
• Governance & Compliance : Develop and enforce compliance frameworks and monitoring systems that ensure adherence to national and international regulations, including PDPL, NCA, anti-fraud, and anti-corruption standards.
• Establish and maintain governance frameworks and compliance reporting protocols to track performance, identify breaches, and drive remedial actions across SOPC entities.
• Provide the CEO and leadership team with periodic compliance dashboards and reports, enabling proactive management of legal and regulatory obligations.
• Act as the focal point for regulatory inspections, compliance reviews, and audits, ensuring accurate documentation and timely responses.
• Business Continuity & Crisis Management : Direct the establishment and testing of business continuity management (BCM) and disaster recovery (DR) frameworks, ensuring organizational preparedness for disruptions.
• Conduct scenario testing and simulations to evaluate SOPC’s resilience and recovery capabilities across critical operations.
• Integrate BCM and DR plans into enterprise risk and compliance structures, ensuring unified risk governance across the organization.
• Provide assurance to senior leadership that SOPC’s continuity and resilience mechanisms meet regulatory expectations and operational needs.
• Boundaries : Independent assurance and audit reviews fall under Internal Audit, which provides oversight on the effectiveness of controls and frameworks developed by GRC.
• Legal advisory, representation, and statutory interpretation are under Legal Affairs, which informs the compliance frameworks developed by GRC.
• Operational policy design and process documentation are owned by Corporate Excellence, with GRC embedding compliance and risk requirements within those structures.
• Front-line control execution and risk ownership remain the responsibility of management functions (first line of defense), with GRC providing oversight, monitoring, and guidance.

Seniority level

Employment type

Job function

#J-18808-Ljbffr