We're hiring a Senior GRC Specialist - Cybersecurityfor a Saudi-based Managed Cybersecurity Services Provider, that to be a millstone member of their Information Security and Compliance function for their Customers.
Roles and Responsibilities:
Maintains a deep knowledge of risk mitigation principles and techniques of the international risk and security standards in order to manage compliance with such standards and regulations including ISO 27001, ISO 27005, NCA ECC, NIST, PCI/DSS, and more other frameworks.
Conduct technical risk assessments and collaborate/communicate in a simple, clear, and concise manner to the various communities within our organization.
Develop the required CyberSecurity controls and policies to support the customer governance and compliance objectives.
Support our customer for Cybersecurity Risk Assessments and work closely with our third-party assessor on certification audits to obtain and/or maintain certifications.
Assist with analysis and documentation of audit remediation actions related to security.
Review the technical design and SDLC documentation with the technical experts to assure controls and policies implementations.
Work as a function consultant to implement the GRC platform.
Provide guidance and share best practices for design and implementation of the GRC platforms.
RequirementsEducation Bachelor’s degree in IT or a related field from an accredited university.
Technical Skillset
At least 10 years of advanced IT skills with a high level of information security or compliance experience.
At least 5 years’ experience as Cybersecurity GRC Specialist developing security Policies, GRC practices and guidelines based on best practices and industry standards.
Hands on experience of fulfilling requirements of Saudi National CyberSecurity Authority and Saudi Digital Government Authority.
The ability to work across multiple frameworks and regulatory standards including, but not limited to: NIST CSF, CIS20, ISO, GDPR, CCPA, NYDFS, SOX, NCA ECC and HIPAA
Experience with information security frameworks and standards as well as risk management processes is a must.
Hands on one or more of the world’s leading GRC platforms.
Experienced with performing information security audits processes or risk assessments.
Expertise with security policy development, deployment, and adoption acceleration.
Soft Skillset
Demonstrates understanding and use of basic project management methodologies, including the ability to plan, manage and maintain a complex, organization-wide long-term programs.
Strong technical writing and interpersonal skills with ability to communicate effectively verbally
Maintains a passion to learn and research technical skills relevant in a highly complex environment.
Demonstrates resilience and flexibility in a rapidly changing environment to explore different strategies and achieve desired outcomes.
Possesses a high degree of independence, integrity, and confidentiality while able to develop independently and deliver presentations and can respond to questions.
Highly organized and able to multi-task and manage concurrent deadlines and able to contribute to effectively and lead working groups.
Comfortable working in cross functional and multidisciplinary teams
Mentors and coaches colleagues and seeks opportunities for continuous improvement.
Certification (Has at least the following certifications:)
