Cyber Security GRC Specialist

CYBER سايبر

Jiddah, Makkah, Saudi Arabia · Full Time

Experience: 2–4 yrs
Salary:
Openings: 1
Posted: 6 hours ago
Work mode: In office
Education: Bachelor’s degree
Eligibility: Professionals with a background in cybersecurity, information security, or a related field who have hands-on GRC experience and are able to work full-time onsite in Jeddah, Saudi Arabia.
Resume: Required to apply

Job description

About the Role

We are looking for a Cyber Security GRC Specialist to help strengthen governance, risk management, compliance, and security awareness across the organization. The position supports the protection of information assets, cloud systems, and data by building effective governance practices, improving compliance, and reducing cyber risk.

About the Company

The organization operates in Saudi Arabia with a focus on building resilience through cybersecurity governance, regulatory compliance, and risk management. Its work is aligned with the Kingdom of Saudi Arabia’s regulatory requirements and international good practices.

Responsibilities

  • Build, update, and maintain cybersecurity policies, standards, and governance frameworks.
  • Track and verify compliance with approved security policies and control requirements.
  • Prepare regular governance and risk updates for senior leadership and the CISO.
  • Keep cybersecurity records and documentation current and aligned with relevant standards.
  • Carry out cybersecurity risk assessments across business areas and cloud environments.
  • Identify, assess, and rank cyber risks based on impact and likelihood.
  • Maintain the risk register and keep it updated throughout the remediation cycle.
  • Coordinate corrective actions and follow through until risks and audit issues are resolved.
  • Ensure alignment with KSA regulatory requirements such as NCA ECC and SAMA CSF, as well as ISO 27001.
  • Support both internal and external audit processes.
  • Review how well technical and administrative security controls are working.
  • Draft and submit compliance reports required by regulators or stakeholders.
  • Help develop and maintain Business Continuity and Disaster Recovery plans.
  • Assist with Business Impact Analysis activities.
  • Take part in testing continuity and recovery procedures.
  • Contribute to incident response efforts to reduce operational disruption.
  • Support cybersecurity awareness campaigns and training efforts across the organization.
  • Help administer awareness tools and related programs.
  • Encourage a strong security culture and reinforce employee responsibilities around cyber risks.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related discipline.
  • 2 to 4 years of experience in Cybersecurity GRC or a closely related role.
  • Solid understanding of governance frameworks, risk management approaches, and compliance practices.
  • Working knowledge of Saudi regulatory requirements, including NCA and SAMA, plus ISO 27001.
  • Practical experience with GRC tools is preferred.
  • Preferred certifications include ISO 27001 Lead Implementer and CompTIA Security+.
  • Additional GRC-related certifications are considered an advantage.

Preferred Certifications

  • ISO 27001 Lead Implementer
  • CompTIA Security+
  • Any other relevant governance, risk, or compliance certification
