Cybersecurity GRC Specialist
Riyadh, Riyadh Province, Saudi Arabia · Full Time
Be the first to apply
- Experience
- 2+ yrs
- Salary
- —
- Openings
- 1
- Posted
- 6 days ago
- Work mode
- In office
- Education
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field
- Eligibility
- Candidates with a background in cybersecurity GRC, regulatory compliance, audit evidence management, policy governance, risk tracking, and KPI/KRI reporting may apply. Preference will be given to professionals with experience in regulated environments, fintech or financial services, and fluency in…
- Resume
- Required to apply
Where you'll work
Job description
About SiFi
SiFi is an expanding B2B fintech business focused on spend management and card issuance services. Its platform is designed to help organizations gain tighter control over company spending, simplify expense processes, and improve operational efficiency.
Role Summary
The Cybersecurity GRC Specialist will support SiFi’s cybersecurity compliance and keep the organization prepared for audits across applicable regulatory requirements. This position covers the end-to-end governance, risk, and compliance function, including control evidence handling, policy oversight, risk monitoring, and KPI/KRI reporting. The goal is to ensure cybersecurity controls remain measurable, supportable, and aligned with regulatory expectations.
Regulatory Compliance and Audit Preparedness
- Oversee the compliance tracker covering SAMA CSF, PDPL/NDMO, and PCI-DSS obligations.
- Manage the complete evidence process, from gathering and reviewing to organizing and documenting supporting materials.
- Keep the organization continuously ready for audits by maintaining evidence that is traceable and mapped to controls.
- Follow up on regulatory observations and remediation actions to ensure they are resolved on time.
- Share regular compliance updates with the CISO and the relevant governance committees.
Governance and Policy Administration
- Create, update, and maintain cybersecurity policies, standards, and procedures.
- Ensure documentation is consistent with SiFi’s governance framework and regulatory requirements.
- Handle document control activities such as version management, approvals, and periodic reviews.
- Align policies and procedures with SAMA CSF control requirements.
Cyber Risk Management
- Maintain the cybersecurity risk register and keep it current.
- Carry out third-party risk assessments and vendor due diligence reviews.
- Assist with recurring risk review and reporting activities.
- Work with Risk and Compliance teams to keep enterprise risk practices aligned.
KPI and KRI Monitoring
- Gather and verify cybersecurity KPI/KRI inputs from the relevant stakeholders.
- Maintain a single, centralized tracker for all KPI/KRI metrics.
- Prepare recurring reports with trend analysis to support regulatory maturity targets at Level 3+.
- Spot gaps in performance and escalate them when needed.
Requirements
- At least 2 years of experience specifically in a Cybersecurity GRC position.
- Practical experience with SAMA CSF compliance in a regulated environment.
- Prior involvement in audit evidence preparation and regulatory review processes.
- Strong capability in writing and maintaining cybersecurity policies and procedures.
- Experience working with GRC tools such as Archer, ServiceNow GRC, OneTrust, or similar platforms.
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related discipline.
- Relevant certifications such as ISO 27001 Lead Implementer/Lead Auditor, Security+, (ISC)² CC, CGRC, CISA, or CRISC.
- Fluency in both English and Arabic.
Preferred Background
- Exposure to PDPL and NDMO requirements is an advantage.
- Experience supporting PCI-DSS compliance is preferred.
- Knowledge of cloud security across AWS, Azure, GCP, or OCI is useful.
- Background in fintech or financial services is preferred.
- Familiarity with frameworks such as ISO 27001, NIST, and COBIT is beneficial.