Role Summary
We are seeking a Senior Cybersecurity GRC Specialist to lead and strengthen our cybersecurity governance, risk, and compliance framework. The role is responsible for ensuring regulatory compliance, managing cybersecurity risks, and enhancing organizational resilience in alignment with KSA cybersecurity regulations and standards, including NCA, CST, and SAMA. The ideal candidate will play a key role in cybersecurity audits, risk assessments, compliance reviews, business continuity planning, and data privacy compliance, while working closely with internal stakeholders and leadership.
Key Responsibilities

Cybersecurity Governance
- Develop, implement, and maintain cybersecurity governance frameworks, policies, and procedures.
- Monitor organizational compliance with cybersecurity policies and standards.
- Prepare and present governance metrics and reports to senior management and the CISO.
- Conduct cybersecurity awareness and training programs across the organization.

Risk Management
- Identify, assess, and evaluate cybersecurity risks through structured risk assessments.
- Maintain and regularly update the cybersecurity risk register.
- Collaborate with stakeholders to prioritize and implement risk mitigation actions.

Compliance Management
- Ensure compliance with KSA regulatory requirements and frameworks (NCA, CST, SAMA).
- Plan and conduct internal and external cybersecurity compliance audits.
- Prepare and submit regulatory reports to relevant authorities.
- Track audit findings and ensure timely closure of audit points.

Business Continuity & Disaster Recovery (BC/DR)
- Develop, maintain, and enhance BC/DR plans aligned with business priorities.
- Conduct business impact and risk assessments related to operational disruptions.
- Coordinate BC/DR drills and disaster recovery exercises.
- Document test results and recommend continuous improvement actions.
- Monitor critical business operations for alignment with BC/DR objectives.

Data Privacy & Protection
- Support the development and implementation of data privacy policies and procedures.
- Ensure compliance with the Saudi Personal Data Protection Law (PDPL) and relevant international standards.
- Monitor the effectiveness of data privacy controls and recommend improvements.
- Lead initial investigations of privacy incidents and escalate critical cases.
- Coordinate with IT, Legal, and Compliance teams to resolve privacy issues and implement corrective actions.

Qualifications & Experience
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field.
- Minimum 5+ years of experience in Cybersecurity GRC, Risk, or Compliance roles.
- Strong knowledge of KSA cybersecurity regulations (NCA, CST, SAMA).
- Hands-on experience with cybersecurity audits, risk assessments, and compliance management.
- Experience in business continuity and disaster recovery planning is highly desirable.
- Relevant certifications (e.g., CISA, CRISC, CISSP, ISO 27001, NCA-related certifications) are an advantage.