Director of CyberSecurity & GRC

Company Description

Role Overview

Director of Cybersecurity & GRC

Key Responsibilities

• Define and continuously evolve Cybera’s cybersecurity service catalogue across GRC, SOC-as-a-Service, managed detection, offensive security, and vCISO/advisory offerings.
• Lead design and implementation of cybersecurity frameworks and programmes for clients, including ISO 27001/27017 ISMS, PCI DSS, NIST CSF, NIST SP 800-171, NCA CST, SAMA, PDPL, and other regional regulations as relevant.
• Architect and govern SOC service offerings (IT and OT where applicable), including SIEM/SOAR strategy, control mapping to MITRE ATT&CK, and KPI/KRI definitions for SOC performance.
• Collaborate with product/engineering to shape CyberA’s platform roadmap (GRC modules, dashboards, automation, reporting) based on client requirements and regulatory trends.
• Manage and mentor a team of cybersecurity professionals (GRC consultants, SOC engineers/analysts, penetration testers, security architects), establishing clear role definitions, training plans, and progression paths.
• Own quality and consistency of client deliverables: policies and standards, risk registers, treatment plans, audit reports, playbooks, runbooks, and executive presentations.
• Lead or support presales activities: discovery workshops, gap assessments, solution design, proposals, PoCs, and executive briefings with CxO stakeholders.
• Act as senior advisor to C-level executives and boards on cyber risk, security architecture, and regulatory compliance for key accounts.
• Establish and monitor practice-level KPIs and OKRs (utilisation, NPS, renewal/upsell rates, time-to-value) and report regularly to the CISO and CEO.
• Contribute to thought leadership and capability building: internal playbooks, knowledge-sharing, training programmes, and possibly a Cybera Academy-style enablement function for clients and partners.

Required Experience

• 10+ years in cybersecurity, with at least 3–5 years in a leadership role (practice lead, head of cybersecurity, director, senior manager) covering multiple domains (GRC, SOC, offensive security, architecture).
• Demonstrable experience in building or significantly scaling a cybersecurity practice or MSSP function (e.g., service catalogue design, methodology, delivery governance, KPIs).
• Hands-on experience implementing and maintaining at least three of: ISO 27001/27017, PCI DSS, NIST CSF, NIST SP 800-171, NCA CST, SAMA, PDPL, or equivalent regional frameworks.
• Proven background in SOC design and governance, SIEM/SOAR projects (QRadar, Splunk, ELK, Resilient, TheHive, etc.), and mapping use cases/controls to MITRE ATT&CK.
• Strong experience in client-facing consulting roles with financial services, telecom, government, or critical infrastructure clients.
• Track record of leading and developing technical teams, including hiring, performance management, and competency development.
• Excellent written and spoken English; strong executive communication and presentation skills.

Nice-to-have Experience

• Prior experience in a GCC-based MSSP or cybersecurity consulting firm.
• Exposure to cloud security (AWS/Azure) and cloud-related compliance (ISO 27017, shared responsibility, multi-tenant SOC).
• Experience contributing to or working with regulators, central banks, or national cybersecurity authorities.
• Familiarity with GRC platforms (e.g., Archer, ServiceNow, Eramba) and building unified control frameworks.
• Relevant certifications such as CISSP, CISM, ISO 27001 LA/LI, SABSA, GIAC (GCIH, GCIA, GMON), or equivalent.

What Success Looks Like in 12–18 Months

• A clearly defined, market-ready cybersecurity service portfolio with standard methodologies, templates, and SLAs.
• An operating SOC/GRC function with measurable KPIs and repeatable onboarding of new clients.
• A high-performing team in place, with robust onboarding, training, and quality governance.
• Strong reference clients and case studies in at least two priority verticals (e.g., financial services and telecom).

Why Join CyberA?

• Opportunity to architect and lead a next-generation MCSP from the ground up.
• Direct impact and visibility, working closely with the CISO and CEO on both strategy and execution.
• Entrepreneurial, fast-paced environment with the ability to shape the culture, processes, and technology stack.
• Competitive compensation with performance-based incentives and potential for long-term upside.