ROLES AND RESPONSIBILITIES
Key Accountability Areas
Key Activities
Tactical
•Establish SANAD’s governance model aligned with COBIT, ITIL v4, TOGAF, and NCA-ECC; ensure it covers all IT domains (infrastructure, cybersecurity, cloud, ERP, and data).
•Design the complete policy hierarchy (policy → standard → procedure → checklist) and ensure mapping of controls to risks and regulatory obligations (NCA, Affiliate compliance).
•Integrate governance checkpoints into project lifecycles, change management, and procurement workflows, ensuring every IT initiative aligns with approved architecture and compliance standards.
•Define structure, membership, and terms of reference for the IT Steering Committee, Risk & Compliance Committee, and technical review boards; manage agenda, minutes, and follow-ups.
•Create governance KPIs and scorecards using Power BI or ITSM tools to track audit readiness, control effectiveness, SLA adherence, and maturity progress.
•Select and configure GRC / ITSM platforms to automate risk registers, control tracking, and compliance reporting.
•Conduct annual maturity assessments, benchmark against NIST domains, and implement improvement plans to move from reactive to proactive governance posture.
Operational
•Develop and continuously update all governance documentation including the IT Governance Framework, policies, standards, procedures, and control matrices.
•Maintain version control, ownership assignment, and review cadence (annual or post-audit) for all IT policies and procedures.
•Operationalize change management, risk management, and compliance workflows within ITSM or GRC tools.
•Perform periodic self-assessments, evidence collection, and KPI tracking to ensure adherence to NCA-ECC, NIST, and Affiliate standards.
•Identify, assess, and monitor IT risks; ensure mitigation plans are documented, owners assigned, and residual risk reported.
•Oversee Cloud tenancy governance, tagging, cost controls, and periodic configuration reviews for compliance with defined standards.
•Coordinate Internal and External Audits. Prepare control evidence, manage audit queries, document findings, and track closure actions across IT domains.
•Validate that service providers meet SLA, KPI, and contractual compliance obligations through quarterly reviews and governance scorecards.
•Produce monthly and quarterly dashboards showing policy compliance, audit readiness, and governance maturity indicators for management review.
•Conduct governance induction, awareness sessions, and control-owner workshops to institutionalize governance practices across IT teams and business units.
People & Leadership
•Promote a culture of accountability, excellence, and continuous improvement.
•Facilitate cross-functional collaboration and communication across IT and business units.
•Provide leadership in decision-making processes related to IT investments and risk mitigation.
•Mentor and guide teams on governance best practices and compliance requirements.
Physical Working Conditions
•Office-based with occasional visits to operational sites (e.g., drilling rigs) to assess infrastructure and governance compliance.
JOB QUALIFICATIONS AND REQUIREMENTS
Knowledge and Experience
•Minimum 5–7 years of progressive experience in IT Governance, Risk, and Compliance (GRC), with at least 3 years in a governance leadership or framework-establishing role.
•Proven experience implementing IT governance frameworks such as COBIT, ITIL v4, ISO 27001, and NIST CSF, including policy development, control mapping, and maturity assessments.
•Hands-on experience establishing governance in a Greenfield or IT carve-out environment, covering cloud, infrastructure, ERP, and cybersecurity domains.
•Strong understanding of KSA regulatory and compliance requirements, including NCA-ECC, NIST, and Affiliate Standards.
•Practical exposure to cloud governance models, particularly tenancy governance and identity control.
•Experience leading IT audits, risk assessments, and compliance reviews, and coordinating remediation activities across multiple stakeholders and vendors.
•Demonstrated capability to translate governance into operations, including KPI definition, dashboarding and cross-functional communication with IT, Cybersecurity, and Business Leadership.
Education and Certifications
•Bachelor’s degree in Computer Science, Information Systems, or related field.
•Strongly Preferred:
•COBIT Certified – for IT governance and control framework implementation.
•ITIL v4 Foundation or Intermediate – for IT service management alignment.
•CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) – for audit and risk management depth.