Cybersecurity GRC Expert

SWATX

Top 5 Responsibilities

1.Lead GRC engagements including cybersecurity assessments, maturity evaluations, gap analyses, and compliance improvement roadmaps.

2.Develop and implement cybersecurity governance frameworks, policies, procedures, and standards aligned with ISO 27001, NCA ECC/CCC, NIST CSF, COBIT, and sector-specific mandates.

3.Conduct enterprise risk assessments, create risk treatment plans, and drive continuous risk reduction programs with business stakeholders.

4.Manage internal/external audits, regulatory compliance initiatives, and coordinate with client teams to ensure audit readiness and control effectiveness.

5.Provide strategic advisory on cybersecurity governance, operating models, KPIs, and continuous improvement across government and enterprise environments.

Must-Have Technologies & Platforms Experience

(Not technical hands-on configuration, but exposure in a GRC context)

SIEM / SOC Technologies: Microsoft Sentinel, Splunk, IBM QRadar

Network & Security Platforms: Palo Alto, Fortinet, Cisco Security

EDR/XDR Platforms: CrowdStrike, Microsoft Defender XDR

Cloud Security: Microsoft Azure security controls, AWS Security Hub, CSP governance

GRC Tools: RSA Archer, ServiceNow GRC, MetricStream, OneTrust

Vulnerability Management: Tenable, Qualys, Rapid7

Candidates must understand control requirements, governance, integration points, reporting outputs, and compliance mapping for these technology domains.

Nice-to-Have Technologies

Knowledge of KSA-specific compliance platforms (NCA GRC portals, banking compliance portals)

Data Privacy and DLP Platforms (Microsoft Purview, Symantec, Forcepoint)

DevSecOps practices and CI/CD pipeline assessments

OT/ICS governance frameworks (NIST 800-82, IEC 62443)

Required & Preferred Certifications

Required

ISO 27001 Lead Implementer (LI) or Lead Auditor (LA)

CGRC (formerly CAP) or equivalent risk-focused certification

CISM or CISSP (one required for Lead level)

Preferred / Strong Plus

SABSA Foundation or Practitioner

COBIT 2019

ITIL 4 Foundation

NCA-specific training (ECC/CCC/CSM)

Cloud certifications: Azure Security Engineer, CCSK, CCSP

Experience Requirements

7 10 years in cybersecurity governance, compliance, and risk management roles

Proven leadership in GRC project delivery with enterprise or government clients

Experience with KSA regulatory frameworks, such as:

oNCA ECC v2 / CCC

oSAMA CSF

oCITC / CST Regulations

oNDMO Data Governance

Experience designing cybersecurity programs and managing cross-domain teams