The Cybersecurity GRC (Governance, Risk, and Compliance) Specialist is responsible for working on the establishment of the organization's cybersecurity governance framework, ensuring adherence to regulatory compliance, and mitigating risk. This role involves conducting cybersecurity audits, risk assessments, and compliance checks, while helping ensure the organization aligns with regulatory requirements and standards in KSA, such as NCA and SAMA.
Cybersecurity Governance
- Develop and implement cybersecurity governance policies and frameworks
- Monitor adherence to established cybersecurity policies across the organization
- Provide periodic updates and reports to the CISO on governance metrics
Risk Management
- Identify and evaluate cybersecurity risks through detailed risk assessments
- Collaborate with stakeholders to prioritize and mitigate identified risks
- Maintain and update the organization's risk register
Compliance Management
- Ensure organizational compliance with KSA-specific standards (e.g., NCA, SAMA)
- Conduct periodic internal and external compliance audits
- Prepare and submit regulatory compliance reports as required by authorities
Business Continuity
- Assist in developing and maintaining the organization's business continuity and disaster recovery plans
- Support business impact analyses and risk assessments to ensure operational resilience
- Participate in testing and validation of business continuity and recovery procedures
- Contribute to incident response activities to minimize disruptions and ensure timely recovery
Requirements:
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related IT fields.
- Relevant experience in Cybersecurity GRC is preferrable.
- Certifications in GRC are highly preferable.
- Strong understanding of cybersecurity governance frameworks, risk management practices, and compliance.
- Knowledge of KSA-specific regulations like NCA, SAMA, and ISO 27001
