Manager, Cyber Regulations and Governance

About the jobJob SummaryThe Manager, Cyber Regulation and Governance, manages the development and implementation of cybersecurity regulatory assurance and reporting requirements across the TAQA Group, including IWPPs and non-operated assets defined by the UAE regulatory authority. This role is responsible for delivering a comprehensive Cyber Regulation and Governance program that aligns with regulatory and government policies, collaborating with a globally dispersed team of cybersecurity practitioners. Additionally, the Manager, Cyber Regulation and Governance oversees the formal risk assessment process to identify deviations from regulations and internal policies, ensuring accurate reporting to governmental entities.General ResponsibilitiesStrategy and PlanningImplement the organizational strategy in line with the business vision, mission, and corporate objectives, as well as the Group delegation of authority policy.Ensure that the overall business strategy is translated into annual operational business plans and the performance is monitored to ensure business plans are in line with the overall growth plan.Policy, Procedures, Process, and SystemsImplement policy, systems, processes, procedures, and controls covering all functional areas in line with Group delegation of authority policy to ensure fulfillment of all relevant procedural/legislative requirements while consistently delivering quality and cost-effective service.ReportingEnsure all divisional reports are completed timely and comply with HQ and business policies and standards.Manage the preparation of periodical management reports and progress reports to keep the senior management informed about the progress of various initiatives and to facilitate decision-making.Comply with organization requirements in a timely manner.Job Specific ResponsibilitiesDevelop and maintain robust cybersecurity governance frameworks, policies, and procedures in line with global and regional regulations.Deliver a highly effective Cyber Risk, Assurance, and Advisory function across TAQA Group and IWPPs, ensuring consistent implementation of cyber risk assessments and identification of suitable mitigating controls.Maintain and update TAQA Group’s IT cybersecurity policies and standards, incorporating changes in legislation and emerging industry risks.Ensure that first-line assurance activities are conducted to confirm the effectiveness of controls, including compliance with TAQA Group cyber policies and governmental regulations.Implement and manage a standardized cybersecurity risk assessment process that engages the business from initial impact assessment to final risk sign-off.Conduct comprehensive risk assessments to identify vulnerabilities and threats to TAQA’s information assets, ensuring that risk management strategies are effectively implemented and monitored.Provide technical cyber assurance across TAQA Group, IWPPs, and other non-operated assets, ensuring comprehensive security coverage and visibility from a Security Operations Center (SOC) perspective.Assist in reviewing technical architectures as part of the formal Risk Assessment of Systems to ensure security measures are integrated.Develop and maintain reporting dashboards tailored to various stakeholders, including the TAQA Executive Team, Department of Energy (UAE), and Cybersecurity Council (UAE), ensuring relevant metrics are produced to support communication efforts.Initiate assurance programs to assess the cybersecurity maturity of regional operations, maintaining a maturity heat map for tracking progress.Ensure transparency regarding the cyber risks faced by the organization, embedding these risks within regional and group risk registers and tracking actions to address gaps for reporting to the Cyber Security Steering Committee (CSSC).Collaborate closely with Group Risk and related organizations across all TAQA entities to produce an integrated view of risk for TAQA leadership.Collaborate with the Cyber Operations & Threat Intelligence team to ensure that lessons learned from cybersecurity incidents are integrated into future risk assessments and governance practices.Conduct regular audits and reviews to assess the effectiveness of cybersecurity governance frameworks and controls, ensuring that findings are addressed in a timely manner.Identify opportunities for continuous improvement in cybersecurity governance processes and practices, leveraging industry best practices and lessons learned from incidents.LeadershipModel continuous improvement and professional development. Make decisions with integrity, transparency, and a focus on the entity’s goals, ensuring Safe is maintained as a core principle.Talent ManagementExecute talent development initiatives focused on skill enhancement and career progression. Upskill key resources across the TAQA Group and ensure a team culture connected to the organization’s larger purpose.CultureChampion the organization’s values within the dispersed team, encouraging a