Senior Cybersecurity GRC Specialist

Role Summary

We are seeking a Senior Cybersecurity GRC Specialist to lead and strengthen our cybersecurity governance, risk, and compliance framework. The role ensures that cybersecurity policies, controls, and operational practices comply with National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC), industry standards, and internal regulatory requirements.

The position has a strong focus on Cybersecurity Compliance and Business Continuity Management (BCM), ensuring the organization maintains resilient cybersecurity operations, effective disaster recovery capabilities, and regulatory alignment across business and technology environments.

Key Responsibilities

Cybersecurity Governance

• Support development and maintenance of cybersecurity policies, standards, procedures, and guidelines.
• Ensure governance practices align with organizational risk management frameworks.
• Assist in maintaining the organization's cybersecurity governance framework.
• Provide guidance to IT and business teams regarding cybersecurity policy requirements.

Cybersecurity Compliance & Regulatory Alignment

• Support compliance with NCA Essential Cybersecurity Controls (ECC), ISO 27001, and NIST Cybersecurity Framework.
• Conduct cybersecurity compliance assessments and gap analyses.
• Monitor regulatory updates and support implementation of required controls.
• Support preparation of documentation for regulatory and compliance reviews.

Cybersecurity Risk Management

• Assist in identifying and assessing cybersecurity risks across the organization.
• Maintain the organization's cyber risk register.
• Participate in risk assessments for new technologies, projects, and systems.
• Track implementation of risk mitigation and treatment plans.

Business Continuity & Disaster Recovery (BCM)

• Support development and maintenance of cybersecurity-related business continuity and disaster recovery plans.
• Coordinate Business Impact Analysis (BIA) activities with business units.
• Ensure cybersecurity resilience capabilities support organizational business continuity requirements.
• Assist in organizing BCP and DR testing exercises.
• Document lessons learned and recommend improvements to BCM processes.

Cybersecurity Audits & Control Assurance

• Support internal and external cybersecurity audits and regulatory assessments.
• Conduct reviews of cybersecurity controls to assess effectiveness.
• Track remediation of audit findings and compliance gaps.
• Provide periodic reporting on compliance status.

Third-Party Cybersecurity Risk Management

• Assist in evaluating cybersecurity risks associated with vendors and service providers.
• Conduct vendor cybersecurity assessments and due diligence reviews.
• Ensure vendors comply with organizational cybersecurity requirements.

Qualifications & Experience

• Bachelor's degree inCybersecurity, Information Security, Computer Science, or a related field.
• Minimum 5+ years of experience in Cybersecurity GRC, Risk, or Compliance roles.
• Strong knowledge of KSA cybersecurity regulations (NCA, CST, SAMA).
• Hands-on experience with cybersecurity audits, risk assessments, and compliance management.
• Experience in business continuity and disaster recovery planning is highly desirable.
• Relevant certifications (e.g., CISA, CRISC, CISSP, ISO 27001, NCA-related certifications) are an advantage.

Technical Competencies

• Cybersecurity governance frameworks
• Cyber risk management methodologies
• Business Continuity Management (BCM)
• Disaster Recovery (DR) planning
• NCA Essential Cybersecurity Controls (ECC)
• ISO 27001 and related standards
• Third-party cybersecurity risk management
• Cybersecurity control frameworks