Cybersecurity GRC Specialist
About This Role
About SiFi
SiFi is a fast-growing B2B FinTech company specializing in spend management and card issuance solutions. We help companies take control of their spending, streamline expense workflows, and operate with greater efficiency.
Role Overview
The Cybersecurity GRC Specialist plays a critical role in maintaining SiFi’s cybersecurity compliance posture and ensuring audit readiness across all regulatory frameworks.
This role is responsible for managing the full Governance, Risk, and Compliance (GRC) lifecycle — including evidence management, policy governance, risk tracking, and KPI/KRI reporting — ensuring that all cybersecurity controls are measurable, defensible, and aligned with regulatory expectations.
Key Responsibilities:
1. Regulatory Compliance & Audit Readiness
- Maintain and manage the compliance tracker across SAMA CSF, PDPL/NDMO, and PCI-DSS
- Own the full evidence lifecycle: collection, validation, and documentation
- Ensure continuous audit readiness with traceable, control-aligned evidence
- Track regulatory findings and remediation plans, ensuring timely closure
- Provide regular compliance status reports to the CISO and relevant committees
2. Governance & Policy Management
- Develop and maintain cybersecurity policies, standards, and procedures
- Ensure documentation aligns with SiFi governance structure and regulatory expectations
- Manage document lifecycle (versioning, approvals, reviews)
- Map all policies and procedures to SAMA CSF controls
3. Cyber Risk Management
- Maintain and update the cybersecurity risk register
- Conduct third-party risk assessments (TPRA) and vendor due diligence
- Support risk reviews and reporting cycles
- Collaborate with Risk and Compliance teams to align enterprise risk frameworks
4. KPI / KRI Monitoring & Reporting
- Collect and validate cybersecurity KPIs/KRIs from relevant stakeholders
- Maintain a centralized KPI/KRI tracker
- Prepare periodic reports with trend analysis to support regulatory maturity (Level 3+)
- Identify and escalate performance gaps
Requirements
- Minimum 2 years in a dedicated Cybersecurity GRC role
- Hands-on experience with SAMA CSF compliance within regulated entities
- Experience in audit evidence preparation and regulatory assessments
- Strong background in drafting cybersecurity policies and procedures
- Experience using GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, etc.)
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field
- Certifications in ISO 27001 Lead Implementer / Lead Auditor, Security+, (ISC)² CC, CGRC or CISA or CRISC
- Speaks English and Arabic
Preferred Qualifications
- Experience with PDPL and NDMO regulations
- PCI-DSS compliance exposure
- Knowledge of cloud security (AWS, Azure, GCP, OCI)
- Experience in fintech or financial services
- Familiarity with frameworks like ISO 27001, NIST, COBIT
Similar Jobs
Senior Cybersecurity GRC Specialist
TAWANTECH · Riyadh
**Summary:** Manage cybersecurity governance, risk, and compliance activities aligned with SAMA CSF, NCA, and ISO 27001, ensuring effective security controls and regulatory compliance. **Responsibilities:** Conduct cyber
3 days ago
Generate Resume ↗Senior Cybersecurity GRC Specialist
TAWANTECH · الرياض
**Summary:** Manage cybersecurity governance, risk, and compliance activities aligned with SAMA CSF, NCA, and ISO 27001, ensuring effective security controls and regulatory compliance. **Responsibilities:** Conduct cyber
3 days ago
Generate Resume ↗Cybersecurity GRC Specialist
Talent 360 ME · Riyadh
**About SiFi** SiFi is a fast\-growing B2B FinTech company specializing in spend management and card issuance solutions. We help companies take control of their spending, streamline expense workflows, and operate with gr
2 weeks ago
Generate Resume ↗Cybersecurity GRC Specialist
Sifi · Riyadh
Manage compliance tracking, develop cybersecurity policies, conduct risk assessments, and prepare audit evidence while ensuring regulatory alignment and reporting.
2 weeks ago
Generate Resume ↗Senior Cybersecurity GRC Specialist
Mozn · Riyadh
Conduct risk assessments, ensure compliance with regulations, develop cybersecurity policies, and understand cloud security and AI risks.
4 weeks ago
Generate Resume ↗Cybersecurity GRC Manager
Hala · Riyadh
Develop and implement cybersecurity governance, manage risk assessments, ensure compliance with regulations, and oversee audits and reporting.
1 months ago
Generate Resume ↗Cybersecurity GRC Manager
HALA · Riyadh
**Who Are We** HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA aims at empowering SMEs to start, run, and grow their businesses by pro
1 months ago
Generate Resume ↗Cybersecurity GRC Specialist
Beehive Fintech · Jeddah
**We’re Hiring: Cybersecurity GRC Specialist** **Location:** Jeddah, Saudi Arabia (On\-site) **Role Overview** We are seeking a proactive and detail\-oriented professional with a strong passion for governance, risk, and
1 months ago
Generate Resume ↗Senior Cybersecurity GRC Specialist
MOZN · Riyadh
**About Mozn** MOZN is a leading Enterprise AI company enabling organizations to make informed decisions in two critical domains: Financial Crime Prevention and Enterprise Knowledge Intelligence. We’re a diverse, collabo
1 months ago
Generate Resume ↗Stop applying blindly.
Start getting hired.
Base Career automates the hardest parts of job searching — apply smarter, not harder.
AI Resume in 60s
Your resume rewritten for this exact role using the job description as the brief.
ATS-Optimized
Get past automated screening filters with the right keywords matched to each job.
Application Tracker
Track every job, follow-up, and interview in one visual kanban board.
Free plan · No credit card required