Saudi, Riyadh

Job Description

Roles & Responsibilities

Role Overview

The Cybersecurity GRC Specialist plays a critical role in maintaining SiFi's cybersecurity compliance posture and ensuring audit readiness across all regulatory frameworks.

This role is responsible for managing the full Governance, Risk, and Compliance (GRC) lifecycle, including evidence management, policy governance, risk tracking, and KPI/KRI reporting, ensuring that all cybersecurity controls are measurable, defensible, and aligned with regulatory expectations.

Key Responsibilities:

1. Regulatory Compliance & Audit Readiness

  • Maintain and manage the compliance tracker across SAMA CSF, PDPL/NDMO, and PCI-DSS
  • Own the full evidence lifecycle: collection, validation, and documentation
  • Ensure continuous audit readiness with traceable, control-aligned evidence
  • Track regulatory findings and remediation plans, ensuring timely closure
  • Provide regular compliance status reports to the CISO and relevant committees

2. Governance & Policy Management

  • Develop and maintain cybersecurity policies, standards, and procedures
  • Ensure documentation aligns with SiFi governance structure and regulatory expectations
  • Manage document lifecycle (versioning, approvals, reviews)
  • Map all policies and procedures to SAMA CSF controls

3. Cyber Risk Management

  • Maintain and update the cybersecurity risk register
  • Conduct third-party risk assessments (TPRA) and vendor due diligence
  • Support risk reviews and reporting cycles
  • Collaborate with Risk and Compliance teams to align enterprise risk frameworks

4. KPI / KRI Monitoring & Reporting

  • Collect and validate cybersecurity KPIs/KRIs from relevant stakeholders
  • Maintain a centralized KPI/KRI tracker
  • Prepare periodic reports with trend analysis to support regulatory maturity (Level 3+)
  • Identify and escalate performance gaps

Desired Candidate Profile

  • 1 year in a dedicated Cybersecurity GRC role
  • Hands-on experience with SAMA CSF compliance within regulated entities
  • Experience in audit evidence preparation and regulatory assessments
  • Strong background in drafting cybersecurity policies and procedures
  • Experience using GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, etc.)
  • Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related field
  • Certifications in ISO 27001 Lead Implementer / Lead Auditor, Security+, (ISC)² CC, CGRC, CISA, or CRISC
  • Speaks English and Arabic

Preferred Qualifications

  • Experience with PDPL and NDMO regulations
  • PCI-DSS compliance exposure
  • Knowledge of cloud security (AWS, Azure, GCP, OCI)
  • Experience in fintech or financial services
  • Familiarity with frameworks like ISO 27001, NIST, COBIT
