Expert – Information Technology Governance, Compliance, and Risk (IGCR)
The Expert – IGCR plays a critical leadership role in safeguarding SOHAR Port and Freezone digital assets, ensuring regulatory compliance, and embedding cybersecurity and risk-aware governance across the organization. As a senior advisor and oversight authority, this role drives the strategic alignment of information security, technology governance, compliance, and risk management with SOHAR Port and Freezone overall business objectives.
Cybersecurity Strategy & Operations
- Develop and implement cybersecurity frameworks, policies, and incident response plans.
- Conduct regular vulnerability assessments, penetration testing, and security audits.
- Ensure security best practices for servers, network, cloud and endpoints are in implemented by the security operation team.
- Lead the formulation and periodic review of PSFZ’s cybersecurity vision, roadmap, and risk posture in alignment with business priorities.
- Ensure the implementation and continual improvement of cybersecurity frameworks and policies across departments.
- Supervise enterprise-wide incident response readiness and resilience.
- Guide and assess the execution of cybersecurity operations performed by the IT and Digitalization functions
Technology Governance & Compliance
- Define, implement, and maintain robust IT governance structures aligned with COBIT, ISO 27001, and NIST standards.
- Ensure adherence to Oman’s cybersecurity laws, ISO 27001, GDPR (if applicable), and other regulatory requirements.
- Lead internal and external audits, security assessments, and compliance reviews.
- Maintain cybersecurity policies, ensuring they align with industry best practices and legal obligations.
Technology - Risk Management
- Establish and continuously refine a technology risk management framework integrated with PSFZ's enterprise risk strategy.
- Identify, assess, and prioritize key risks related to digital systems, third-party services, and data infrastructure.
- Supervise the implementation and testing of Business Continuity and Disaster Recovery (BC/DR) plans.
Business Continuity
- Participate in development and implementation of IT disaster recovery plan and business continuity plan.
- Ensure proper maintenance, safekeeping, back up, and protection of all critical IT systems within the normal operation mode in case of a disaster.
- Ensure implementation of regular backup operations, data protection, disaster recovery, and failover procedures.
- Assist in the risk management tasks while coordinating with the concerned functions.
Leadership Oversight and Cross-functional Collaboration
- Evaluate and steer the performance of technology functions in meeting IGCR goals and mandates.
- Ensure security and compliance are embedded across all digitalization projects and IT operations.
- Serve as the primary advisor to the VP Technology and executive leadership on matters related to information and cyber risk.
Security Culture, Awareness & Training
- Develop enterprise-wide security awareness and behavioral change programs.
- Act as a thought leader and internal ambassador for secure digital transformation.
- Promote a security-first culture across the organization.
- Conduct workshops and training sessions on cybersecurity best practices.
Technology - Incident Management & Response
- Establish protocols for detecting, responding to, and recovering from security incidents.
- Participate in reviewing and assessing the cybersecurity incident and enhance the mitigation and response process where needed.
- Collaborate with internal teams and external agencies to handle cyber incidents effectively.
Technology - Vendor & Third-Party Risk Management
- Lead due diligence and risk reviews for all IT and cloud-based vendors.
- Enforce third-party security requirements and monitor ongoing compliance with data protection obligations.
- Assess and manage cybersecurity risks associated with external vendors, cloud providers, and IT service partners. Conduct security evaluations of third-party service providers.
- Ensure vendor compliance with SPFZ’s cybersecurity and data protection standards.
Minimum Requirements
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Networking or related specialization.
- Professional certification in Network administration\Engineering is highly preferable. E.g. CCNA, CCNP.
- Professional certification in Windows Server Technologies is highly preferable. E.g. MCSA, MSCE.
- Minimum of 10 years of relevant experience, including leadership roles in networking, cybersecurity governance, compliance, and risk management.
- Deep knowledge of risk management frameworks, IT governance models (COBIT, ITIL), and security operations.
- Proven track record of leading enterprise security strategy and working directly with executive leadership.
- Experience in overseeing cross-functional teams or directing cybersecurity efforts across multiple domains.
- Hands-on experience with SIEM solutions, firewalls, endpoint protection, cloud security solutions, and threat intelligence platforms.
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
Database Specialist
2026-06-30
Helpdesk Officer
2026-06-30
Software Developer
2025-08-03
- Posted
- Aug 03, 2025
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Sohar
- Company
- SOHAR Port and Freezone
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
Database Specialist
2026-06-30
Helpdesk Officer
2026-06-30
Software Developer
2025-08-03