Senior Associate - Cybersecurity GRC and Data Governance

Date: 12 Mar 2026

Location: Riyadh, SA

Company: KAPSARC

Position Summary
The role supports the development, implementation, and continuous monitoring of KAPSARC’s cybersecurity governance framework in alignment with the National Cybersecurity Authority (NCA) frameworks and other applicable regulatory requirements.

In addition, the role supports the establishment and operation of the Data Management Office (DMO) under the Cybersecurity function to ensure alignment with the National Data Management Office (NDMO) Data Governance Framework and enterprise data protection requirements.

The position functions as an operational governance role, ensuring effective cybersecurity oversight, regulatory compliance, risk monitoring, and the integration of data governance controls within the overall cybersecurity framework.

Major Accountabilities

Cybersecurity Governance & Regulatory Compliance
• Support the implementation and continuous enhancement of the cybersecurity governance framework aligned with NCA requirements.
• Develop and maintain cybersecurity policies, standards, and procedures.
• Monitor compliance with NCA regulatory requirements and applicable cybersecurity standards.
• Conduct control effectiveness reviews and compliance assessments.
• Coordinate internal and external cybersecurity audits and track remediation activities.
• Maintain regulatory evidence repositories and ensure inspection readiness.

Cybersecurity Risk Management
• Conduct enterprise cybersecurity risk assessments.
• Maintain and update the cybersecurity risk register.
• Support the integration of cybersecurity risks into enterprise risk management processes.
• Monitor remediation plans and risk treatment actions.
• Prepare periodic cybersecurity risk posture reports for management.

Control Oversight & Assurance
• Review vulnerability assessment and security testing reports to ensure risk-based prioritization.
• Monitor adherence to secure configuration and patch management standards.
• Assess the effectiveness of administrative, technical, and operational security controls.
• Identify control gaps and recommend corrective actions.

Data Governance Integration
• Support the establishment and operationalization of the Data Management Office (DMO) under Cybersecurity.
• Assist in implementing NDMO Data Governance Framework requirements.
• Coordinate with business units to formalize data ownership and stewardship structures.
• Support the implementation of data classification, data handling, and data lifecycle governance processes.
• Ensure cybersecurity controls appropriately protect sensitive and classified data assets.
• Maintain compliance tracking for NDMO-related requirements.

Reporting & Governance Monitoring
• Develop dashboards and reports covering cybersecurity KPIs and KRIs.
• Provide visibility into regulatory compliance status, including NCA and NDMO requirements.
• Support executive reporting to leadership and governance committees.
• Identify areas for improvement to enhance cybersecurity and data governance maturity.

Continuous Improvement
• Recommend enhancements to strengthen the cybersecurity posture and regulatory alignment.
• Support governance automation initiatives and tool optimization.
• Benchmark practices against national and international cybersecurity standards.

Related Assignments
• Perform any other duties the organization may require.

Qualifications and Experience

Recommended Qualifications and Years of Experience
• Bachelor’s degree in Computer Science, Information Technology, Telecommunications, or a related field, with 4-7 years of experience in IT and cybersecurity environments; or
• Master’s degree in Computer Science, Information Technology, Telecommunications, or a related field, with 3-5 years of experience.
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Security+, Systems Security Certified Practitioner (SSCP), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), and Data Governance or CDMP certification are preferred.