GRC Specialist

Overview

GRC Specialist

Key Responsibilities

• Support the execution of GRC activities, including governance, risk management, compliance, and audit-related tasks
• Conduct and support security audits and compliance assessments against Saudi and international cybersecurity frameworks
• Assess cybersecurity controls, identify compliance gaps, and support the development of remediation plans
• Build cybersecurity strategies and roadmaps aligned with customers' business needs and regulatory requirements
• Develop, review, and maintain cybersecurity policies, procedures, standards, and related documentation
• Conduct risk assessments and support the tracking of risk mitigation actions
• Gather audit evidence and coordinate with internal and external stakeholders during assessment activities
• Prepare reports, findings, gap analysis summaries, and status updates for management and stakeholders
• Support customers in improving their cybersecurity governance and compliance maturity
• Contribute to the continuous improvement of GRC processes, templates, and methodologies

Requirements

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
• Minimum of
• 3 years of experience
• in GRC, cybersecurity, compliance, risk management, audit, or a related area.
• Hands-on experience in security audits, compliance assessments, gap analysis, or control reviews.
• Good knowledge of Saudi cybersecurity frameworks and regulatory requirements, especially:
• Aramco CCC
• CST cybersecurity requirements
• NCA frameworks such as ECC, OTCC, DCC, and CCC
• SAMA cybersecurity requirements, including CSF, MVC, and CRFR
• Understanding of information security standards and control frameworks such as ISO 27001, NIST, CIS Controls, or similar.
• Strong analytical skills and attention to detail.
• Good report writing, documentation, and communication skills.
• Ability to work collaboratively with cross-functional teams and customer stakeholders.
• Ability to manage multiple tasks and support projects within agreed timelines.

Preferred Qualifications

• ISO 27001 Lead Implementer and/or Lead Auditor certification
• Professional certifications such as CISSP, CISM, CISA, CRISC, or similar
• Experience working with cybersecurity consulting firms or regulated industries
• Experience preparing executive-level reports, dashboards, or compliance presentations
• Familiarity with risk registers, compliance trackers, audit evidence collection, and remediation follow-up