Cybersecurity GRC Specialist

Sifi

Key Responsibilities:

• Maintain and manage the compliance tracker across SAMA CSF, PDPL/NDMO, and PCI-DSS
• Own the full evidence lifecycle: collection, validation, and documentation
• Ensure continuous audit readiness with traceable, control-aligned evidence
• Track regulatory findings and remediation plans, ensuring timely closure
• Provide regular compliance status reports to the CISO and relevant committees

2. Governance & Policy Management

• Develop and maintain cybersecurity policies, standards, and procedures
• Ensure documentation aligns with SiFi governance structure and regulatory expectations
• Manage document lifecycle (versioning, approvals, reviews)
• Map all policies and procedures to SAMA CSF controls

3. Cyber Risk Management

• Maintain and update the cybersecurity risk register
• Conduct third-party risk assessments (TPRA) and vendor due diligence
• Support risk reviews and reporting cycles
• Collaborate with Risk and Compliance teams to align enterprise risk frameworks

4. KPI / KRI Monitoring & Reporting

• Collect and validate cybersecurity KPIs/KRIs from relevant stakeholders
• Maintain a centralized KPI/KRI tracker
• Prepare periodic reports with trend analysis to support regulatory maturity (Level 3+)
• Identify and escalate performance gaps

Requirements:

• Minimum 2 years in a dedicated Cybersecurity GRC role
• Hands-on experience with SAMA CSF compliance within regulated entities
• Experience in audit evidence preparation and regulatory assessments
• Strong background in drafting cybersecurity policies and procedures
• Experience using GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, etc.)
• Bacheloru2019s degree in Cybersecurity, Information Security, Computer Science, or related field
• Certifications in ISO 27001 Lead Implementer / Lead Auditor, Security+, (ISC) CC, CGRC or CISA or CRISC
• Speaks English and Arabic