Datamatics Technologies

Job Title: NCA Governance & Management Lead (ECC, DCC)

Location: Riyadh, KSA
Experience: 10+ Years
Domain: Cybersecurity Governance, Risk & Compliance (GRC)

Role Overview

We are seeking a highly experienced NCA Governance & Management Lead to drive cybersecurity governance initiatives aligned with National Cybersecurity Authority (NCA) requirements in Saudi Arabia. The role will focus on implementing and managing compliance across Essential Cybersecurity Controls (ECC) and Data Cybersecurity Controls (DCC) frameworks while ensuring alignment with international standards and regulatory requirements.

Key Responsibilities

• Lead the design, implementation, and continuous improvement of cybersecurity governance frameworks aligned with NCA ECC and DCC.
• Establish and manage enterprise-wide cybersecurity policies, standards, and procedures.
• Drive NCA compliance assessments, gap analysis, and remediation planning.
• Oversee cybersecurity risk management, including identification, assessment, mitigation, and reporting.
• Ensure alignment with international standards such as ISO 27001 and global data protection regulations.
• Lead internal and external audits, including regulatory inspections and certification processes.
• Develop governance dashboards and reporting mechanisms for executive leadership.
• Collaborate with IT, security, legal, and business teams to embed security controls across the organization.
• Provide strategic guidance on data protection, privacy, and cloud security practices.
• Mentor and lead GRC teams, fostering a culture of compliance and security awareness.

Required Qualifications & Certifications

• Bachelor’s or Master’s degree in Cybersecurity, Information Security, IT, or related field.
• Mandatory certifications (one or more preferred):
  • ISO 27001 Lead Implementer / Lead Auditor
  • CISA (Certified Information Systems Auditor)
  • CCSP (Certified Cloud Security Professional)
  • Strong understanding of GDPR and data privacy frameworks

Experience Requirements

• Minimum 10+ years of experience in cybersecurity, with a strong focus on governance, risk, and compliance.
• Proven hands-on experience implementing NCA ECC and DCC controls in Saudi Arabia.
• Experience working with tier-1 enterprises or leading consulting firms.
• Demonstrated success in managing large-scale compliance programs and audits.
• Exposure to multi-industry environments (e.g., government, banking, telecom, or critical infrastructure).

Key Skills & Competencies

• Deep understanding of NCA frameworks (ECC, DCC) and regulatory landscape in KSA.
• Strong knowledge of ISO 27001, risk management frameworks, and control design.
• Expertise in cybersecurity governance, audit, and compliance reporting.
• Excellent stakeholder management and communication skills.
• Leadership capability to manage cross-functional teams and senior stakeholders.
• Analytical mindset with strong problem-solving and decision-making skills.

Preferred Attributes

• Experience in cloud security governance and data protection.
• Familiarity with regional regulatory requirements in the Middle East.
• Ability to operate in complex, high-stakes environments with executive visibility.