The Cybersecurity GRC Senior Specialist is responsible for establishing and managing the organization's cybersecurity governance framework, ensuring adherence to regulatory compliance, and mitigating risk. This role involves leading a team to perform cybersecurity audits, risk assessments, and compliance reviews while ensuring alignment with KSA-specific laws and standards like NCA and SAMA.
Responsibilities:
Cybersecurity Governance
- Develop and implement cybersecurity governance policies and frameworks
- Monitor adherence to established cybersecurity policies across the organization
- Provide periodic updates and reports to the CISO on governance metrics
Risk Management
- Identify and evaluate cybersecurity risks through detailed risk assessments
- Collaborate with stakeholders to prioritize and mitigate identified risks
- Maintain and update the organization's risk register
Compliance Management
- Ensure organizational compliance with KSA-specific standards (e.g., NCA, SAMA)
- Conduct periodic internal and external compliance audits
- Prepare and submit regulatory compliance reports as required by authorities
Policy & Procedure Management
- Draft, review, and update cybersecurity policies, standards, and procedures
- Ensure policies align with international frameworks such as ISO 27001 and NIST
- Track policy exceptions and coordinate approval processes with stakeholders
Audit & Control Assurance
- Perform control testing to validate the effectiveness of technical and administrative controls
- Develop corrective action plans for audit findings and track closure progress
- Support internal audit teams with cybersecurity-related audit engagements
Qualifications:
- Bachelor's degree in Cybersecurity, Information Security, Computer Science or related field.
- 3+ years of experience in cybersecurity governance, risk management, and compliance roles.
- Strong understanding of cybersecurity governance frameworks and risk management practices.
- Knowledge of KSA-specific regulations like NCA, SAMA, and ISO 27001.
