
Cybersecurity GRC Specialist

30324
  • Negotiable
  • Saudi Arabia, Middle East
  • Permanent

Overview

We are seeking a Cybersecurity Governance, Risk & Compliance (GRC) Specialist to develop, implement, and sustain the organization's cybersecurity governance, risk management, and compliance framework. The role ensures that all security policies, standards, and controls align with regulatory obligations and recognized industry frameworks, effectively managing risks and strengthening the organization's security posture.

Department: Cybersecurity Governance, Risk & Compliance

Reporting to: Cybersecurity Officer

Location: Riyadh, Saudi Arabia

Experience: 4–6 years in information security or GRC functions

Education: Bachelor's degree in Information Security, Computer Science, Risk Management, or a related discipline (or equivalent experience)

Core Responsibilities

Governance

  • Establish, maintain, and update cybersecurity policies, standards, and procedures in line with frameworks such as ISO 27001, NIST CSF, NCA, or COBIT.
  • Support the implementation and continuous improvement of the organization's Information Security Management System (ISMS).
  • Deliver training and awareness programs to enhance compliance with cybersecurity policies.
  • Contribute to security governance committees and assist in reporting the organization's cybersecurity posture to executive leadership.
  • Foster a culture of accountability, security awareness, and strong governance across business units.

Risk Management

  • Conduct periodic information security risk assessments across infrastructure, applications, and third parties.
  • Identify, assess, and track the remediation of cybersecurity risks and control weaknesses.
  • Maintain risk registers and assist with developing risk treatment plans.
  • Partner with IT and business stakeholders to implement effective mitigation strategies.
  • Carry out vendor and project-level security due diligence to ensure compliance with internal standards.

Compliance

  • Ensure organizational adherence to global and regional cybersecurity regulations (e.g., GDPR, HIPAA, PCI DSS, SOX, ISO 27001, NIST, NCA).
  • Prepare for and support both internal and external audits of cybersecurity controls.
  • Monitor evolving cybersecurity laws and standards, advising leadership on necessary updates or remediations.
  • Maintain evidence repositories to demonstrate compliance readiness.
  • Collaborate with technical teams to identify and address compliance deficiencies.

Reporting & Metrics

  • Produce regular reports on risk posture, compliance status, and control effectiveness.
  • Define, monitor, and communicate Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure ongoing security maturity.

Required Skills & Competencies

  • Strong background in cybersecurity, risk management, and compliance frameworks.
  • Practical experience implementing and maintaining GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, LogicGate).
  • Excellent understanding of information security principles and risk methodologies.
  • Exceptional analytical, organizational, and documentation skills.
  • Proven ability to collaborate across IT, Legal, Audit, and Business functions.
  • Clear communication skills (written and verbal) with strong attention to detail.
  • Proactive problem-solving and negotiation abilities.
  • Willingness to travel to client or branch locations as required.

Preferred Certifications

  • CISM – Certified Information Security Manager
  • CRISC – Certified in Risk and Information Systems Control
  • CISSP – Certified Information Systems Security Professional
  • CEH – Certified Ethical Hacker
  • ISO 27001 Lead Implementer / Auditor
  • CSSLP – Certified Secure Software Lifecycle Professional
  • CompTIA Security+

Professional Development

The ideal candidate is expected to maintain current certifications and continuously upskill in emerging cybersecurity disciplines to ensure best-in-class governance and risk practices.
