Senior GRC Specialist
Key Responsibilities:
Cyber security governance:
- Develop and implement cybersecurity governance, including policies, procedures and standards.
- Communicate policies, standards and procedures to relevant stakeholders and follow up on their implementation.
- Ensure cyber security requirements are included in project objectives and that the cyber security function is part of all phases of the project.
- Define, implement and follow up on the cyber security training and awareness program for the company’s employees and customers.
- Manage requests for exceptions from policies and ensure that the necessary controls are applied.
Cyber security risk management:
- Perform a risk assessment at the start of each project to ensure that cyber security requirements are addressed either by existing cyber security controls (based on cyber security standards) or by controls to be developed.
- Define the methodology and procedures for managing cyber security risks, apply them and review them periodically.
- Implement the Security Risk Assessment methodology, policy, standard and process.
- Prepare risk assessment reports and obtain CISO approval.
- Update the risk register, notify appropriate stakeholders, meet with business leaders where necessary, and help to drive risk to an acceptable level.
- Monitor the company’s cyber security risk profile and risk appetite to achieve optimal balance between business risk and opportunities.
Cyber security compliance:
- Develop, implement and monitor the cybersecurity compliance program and review it annually.
- Prepare reports of compliance with cyber security requirements and obtain CISO approval.
- Recommend changes/enhancements to company’s policies based upon the evolving threat landscape.
- Build and maintain a knowledge repository to facilitate audits, knowledge transfer and sharing.
- Manage requests from internal and external auditors, including the establishment of a program of audit and verification of compliance with both the company’s policies and the SAMA CSF.
Requirements:
- 3-4 years of experience in Governance, Risk, and Compliance (GRC) in Cybersecurity.
- Deep knowledge of risk and compliance management in the field of information security.
- Experience with implementing the related frameworks from SAMA, NCA and NDMO.
- Bachelor’s Degree in Cybersecurity, IT, or related field.
- Preferred professional certifications: CISA, CRISC, ISO27001.