Develop and maintain cybersecurity governance frameworks, policies, and procedures aligned with industry standards (ISO 27001, NIST, CIS Controls, etc.).
Conduct regular reviews and updates to ensure documentation reflects current risks and regulatory requirements.
Assist in security awareness initiatives and training programs.
Identify, assess, and monitor cybersecurity risks across systems, networks, and third-party engagements.
Support risk assessment processes and develop mitigation plans in collaboration with relevant stakeholders.
Maintain the risk register and ensure effective tracking and reporting of risk status and treatment plans.
Ensure compliance with applicable standards, frameworks, and regulations (e.g., ISO 27001, GDPR, NCA ECC, SAMA CSF, NIST).
Conduct internal security audits and support external audits, certifications, and assessments.
Monitor and report on compliance gaps, recommending remediation measures.
Collaborate with Security Operations and IT Infrastructure teams to ensure alignment between policy and practice.
Participate in incident response and post-incident reviews from a governance and compliance perspective.
Support vendor risk assessments and ensure third parties meet security and compliance expectations.
Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field.
3 7 years of experience in cybersecurity, preferably with a focus on governance, risk, and compliance.
Strong understanding of security frameworks such as ISO 27001, NIST, SAMA CSF, and COBIT.
Experience with risk management tools, audit processes, and security documentation.
Knowledge of regulatory and compliance requirements (GDPR, NCA ECC, SAMA, PCI DSS, etc.).
Professional certifications are an advantage (e.g., CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CISSP, CEH).
