
IT Governance Lead
Job Description
ROLES AND RESPONSIBILITIES

Key Accountability Areas and Key Activities:

Tactical
• Establish SANAD’s governance model aligned with COBIT, ITIL v4, TOGAF, and NCA-ECC; ensure it covers all IT domains (infrastructure, cybersecurity, cloud, ERP, and data).
• Design the complete policy hierarchy (policy → standard → procedure → checklist) and ensure mapping of controls to risks and regulatory obligations (NCA, Affiliate compliance).
• Integrate governance checkpoints into project lifecycles, change management, and procurement workflows, ensuring every IT initiative aligns with approved architecture and compliance standards.
• Define structure, membership, and terms of reference for the IT Steering Committee, Risk & Compliance Committee, and technical review boards; manage agendas, minutes, and follow-ups.
• Create governance KPIs and scorecards using Power BI or ITSM tools to track audit readiness, control effectiveness, SLA adherence, and maturity progress.
• Select and configure GRC / ITSM platforms to automate risk registers, control tracking, and compliance reporting.
• Conduct annual maturity assessments, benchmark against NIST domains, and implement improvement plans to move from a reactive to a proactive governance posture.

Operational
• Develop and continuously update all governance documentation, including the IT Governance Framework, policies, standards, procedures, and control matrices.
• Maintain version control, ownership assignment, and review cadence (annual or post-audit) for all IT policies and procedures.
• Operationalize change management, risk management, and compliance workflows within ITSM or GRC tools.
• Perform periodic self-assessments, evidence collection, and KPI tracking to ensure adherence to NCA-ECC, NIST, and Affiliate standards.
• Identify, assess, and monitor IT risks; ensure mitigation plans are documented, owners assigned, and residual risk reported.
• Oversee cloud tenancy governance, tagging, cost controls, and periodic configuration reviews for compliance with defined standards.
• Coordinate internal and external audits: prepare control evidence, manage audit queries, document findings, and track closure actions across IT domains.
• Validate that service providers meet SLA, KPI, and contractual compliance obligations through quarterly reviews and governance scorecards.
• Produce monthly and quarterly dashboards showing policy compliance, audit readiness, and governance maturity indicators for management review.
• Conduct governance induction, awareness sessions, and control-owner workshops to institutionalize governance practices across IT teams and business units.

People & Leadership
• Promote a culture of accountability, excellence, and continuous improvement.
• Facilitate cross-functional collaboration and communication across IT and business units.
• Provide leadership in decision-making processes related to IT investments and risk mitigation.
• Mentor and guide teams on governance best practices and compliance requirements.

Physical Working Conditions
• Office-based with occasional visits to operational sites (e.g., drilling rigs) to assess infrastructure and governance compliance.

JOB QUALIFICATIONS AND REQUIREMENTS

Knowledge and Experience
• Minimum 5–7 years of progressive experience in IT Governance, Risk, and Compliance (GRC), with at least 3 years in a governance leadership or framework-establishing role.
• Proven experience implementing IT governance frameworks such as COBIT, ITIL v4, ISO 27001, and NIST CSF, including policy development, control mapping, and maturity assessments.
• Hands-on experience establishing governance in a greenfield or IT carve-out environment, covering cloud, infrastructure, ERP, and cybersecurity domains.
• Strong understanding of KSA regulatory and compliance requirements, including NCA-ECC, NIST, and Affiliate Standards.
• Practical exposure to cloud governance models, particularly tenancy governance and identity control.
• Experience leading IT audits, risk assessments, and compliance reviews, and coordinating remediation activities across multiple stakeholders and vendors.
• Demonstrated capability to translate governance into operations, including KPI definition, dashboarding, and cross-functional communication with IT, Cybersecurity, and Business Leadership.

Education and Certifications
• Bachelor’s degree in Computer Science, Information Systems, or a related field.
• Strongly preferred:
  • COBIT Certified – for IT governance and control framework implementation.
  • ITIL v4 Foundation or Intermediate – for IT service management alignment.
  • CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) – for audit and risk management depth.