-
SOHAR Port and Freezone

Expert – Information Technology Governance, Compliance, and Risk (IGCR)

SOHAR Port and Freezone
Oman · Full-time · Mid-Senior

The Expert – IGCR plays a critical leadership role in safeguarding SOHAR Port and Freezone digital assets, ensuring regulatory compliance, and embedding cybersecurity and risk-aware governance across the organization. As a senior advisor and oversight authority, this role drives the strategic alignment of information security, technology governance, compliance, and risk management with SOHAR Port and Freezone overall business objectives.


Cybersecurity Strategy & Operations

  • Develop and implement cybersecurity frameworks, policies, and incident response plans.
  • Conduct regular vulnerability assessments, penetration testing, and security audits.
  • Ensure security best practices for servers, network, cloud and endpoints are in implemented by the security operation team.
  • Lead the formulation and periodic review of PSFZ’s cybersecurity vision, roadmap, and risk posture in alignment with business priorities.
  • Ensure the implementation and continual improvement of cybersecurity frameworks and policies across departments.
  • Supervise enterprise-wide incident response readiness and resilience.
  • Guide and assess the execution of cybersecurity operations performed by the IT and Digitalization functions


Technology Governance & Compliance

  • Define, implement, and maintain robust IT governance structures aligned with COBIT, ISO 27001, and NIST standards.
  • Ensure adherence to Oman’s cybersecurity laws, ISO 27001, GDPR (if applicable), and other regulatory requirements.
  • Lead internal and external audits, security assessments, and compliance reviews.
  • Maintain cybersecurity policies, ensuring they align with industry best practices and legal obligations.


Technology - Risk Management

  • Establish and continuously refine a technology risk management framework integrated with PSFZ's enterprise risk strategy.
  • Identify, assess, and prioritize key risks related to digital systems, third-party services, and data infrastructure.
  • Supervise the implementation and testing of Business Continuity and Disaster Recovery (BC/DR) plans.


Business Continuity

  • Participate in development and implementation of IT disaster recovery plan and business continuity plan.
  • Ensure proper maintenance, safekeeping, back up, and protection of all critical IT systems within the normal operation mode in case of a disaster.
  • Ensure implementation of regular backup operations, data protection, disaster recovery, and failover procedures.
  • Assist in the risk management tasks while coordinating with the concerned functions.


Leadership Oversight and Cross-functional Collaboration

  • Evaluate and steer the performance of technology functions in meeting IGCR goals and mandates.
  • Ensure security and compliance are embedded across all digitalization projects and IT operations.
  • Serve as the primary advisor to the VP Technology and executive leadership on matters related to information and cyber risk.


Security Culture, Awareness & Training

  • Develop enterprise-wide security awareness and behavioral change programs.
  • Act as a thought leader and internal ambassador for secure digital transformation.
  • Promote a security-first culture across the organization.
  • Conduct workshops and training sessions on cybersecurity best practices.

Technology - Incident Management & Response

  • Establish protocols for detecting, responding to, and recovering from security incidents.
  • Participate in reviewing and assessing the cybersecurity incident and enhance the mitigation and response process where needed.
  • Collaborate with internal teams and external agencies to handle cyber incidents effectively.


Technology - Vendor & Third-Party Risk Management

  • Lead due diligence and risk reviews for all IT and cloud-based vendors.
  • Enforce third-party security requirements and monitor ongoing compliance with data protection obligations.
  • Assess and manage cybersecurity risks associated with external vendors, cloud providers, and IT service partners. Conduct security evaluations of third-party service providers.
  • Ensure vendor compliance with SPFZ’s cybersecurity and data protection standards.


Minimum Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Networking or related specialization.
  • Professional certification in Network administration\Engineering is highly preferable. E.g. CCNA, CCNP.
  • Professional certification in Windows Server Technologies is highly preferable. E.g. MCSA, MSCE.
  • Minimum of 10 years of relevant experience, including leadership roles in networking, cybersecurity governance, compliance, and risk management.
  • Deep knowledge of risk management frameworks, IT governance models (COBIT, ITIL), and security operations.
  • Proven track record of leading enterprise security strategy and working directly with executive leadership.
  • Experience in overseeing cross-functional teams or directing cybersecurity efforts across multiple domains.
  • Hands-on experience with SIEM solutions, firewalls, endpoint protection, cloud security solutions, and threat intelligence platforms.

Key Skills

Ranked by relevance

cybersecurity cloud incident response penetration testing windows server cloud security firewalls embedded server gdpr ccna nist itil siem mcsa
Login to Apply
Posted
Aug 03, 2025
Type
Full-time
Level
Mid-Senior
Location
Sohar

Industries

Transportation Logistics Supply Chain Storage

Categories

Information Technology

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
SOHAR Port and Freezone
Related

Database Specialist

2026-06-30

Full-time
Associate
Oman
Transportation
Information Technology
View Job Details
SOHAR Port and Freezone
Related

Helpdesk Officer

2026-06-30

Full-time
Associate
Oman
Transportation
Information Technology
View Job Details
SOHAR Port and Freezone
Related

Software Developer

2025-08-03

Full-time
Associate
Oman
Transportation
Information Technology