Manager Cybersecurity, Governance & Compliance

Oman Investment Authority

Develop and implement a comprehensive governance and compliance strategy aligned with the organization s strategic objectives and regulatory requirements, covering both Information and Communication Technology (ICT) and Operational Technology (OT) systems

Continuously monitor and interpret applicable laws, regulations, and industry standards such as APSR SCADA Cyber Security Standards, OIA Information Security Standards, and ISO/IEC 27001 that impact the organization s ICT and OT environments. Ensure compliance with both internal and external requirements by updating governance frameworks, operational controls, technical baselines, and organizational policies in line with evolving regulatory expectations and risk conditions

Lead comprehensive risk assessments to identify potential threats and vulnerabilities across the organization s business operations, encompassing both ICT and OT systems. This includes threat management for IoT and field devices, as well as evaluation of enterprise OT security architecture. Collaborate with relevant teams to develop and implement effective risk mitigation strategies and actionable response plans

Assess supply chain and third-party vendor risks across critical assets, including OT systems, Advanced Metering Infrastructure (AMI), and IT assets. Identify security gaps and exposure points, enforce vendor compliance with applicable requirements, and recommend targeted mitigation strategies

Lead the implementation of security projects across diverse asset types, considering the sensitivity and criticality of ICT and OT systems. Ensure alignment with the organization s cybersecurity strategy, evolving threat landscape, and risk mitigation priorities, while achieving defined project objectives. Collaborate with cross-functional teams to embed governance, risk, and compliance controls throughout the project lifecycle.

Establish robust processes to monitor and evaluate compliance with internal policies and external regulations across ICT and OT systems. Deliver insightful compliance reports and executive summaries to inform leadership and support strategic decision-making.

Assess awareness levels across the organization amidst evolving cyber threats impacting users and systems. Design targeted awareness programs, deliver training campaigns, and evaluate their effectiveness to continuously strengthen the organization s security and compliance culture.

Develop and manage project budgets with forecasting to anticipate future resource needs and ensure effective allocation across initiatives. Oversee team operations by assigning roles based on skills and workload, and monitor performance using KPIs, progress tracking, and regular reviews. Foster a results-driven environment that supports timely delivery, accountability, and continuous improvement

Oversee end-to-end security operations including OT, leveraging advanced threat detection, SOAR automation, AI, and analytics to proactively identify, analyze, and respond to cyber threats. Manage SOC resources effectively, assign responsibilities based on expertise, and track performance using operational KPIs such as MTTD and MTTR. Continuously enhance detection capabilities and automate response workflows to ensure agility, precision, and resilience against evolving threats

Act as a strategic liaison to senior management on all cybersecurity matters impacting ICT and OT environments, ensuring timely awareness and alignment with emerging threats, regulatory requirements, and industry standards. Lead the development and implementation of appropriate measures to address identified risks and compliance obligations. Coordinate effectively with cross-functional teams, internal and external auditors, third-party vendors, regulatory and security forums, and government authorities to support a unified and proactive cybersecurity posture

Drive continuous improvement by identifying gaps and opportunities across governance, technical defenses, and compliance processes in both ICT and OT environments. Proactively adapt to evolving cyber threats by integrating advanced threat detection, enhancing defensive controls, and implementing best practices to strengthen the organization s security posture and cyber resilience