GRC Expert

COGNNA

Employer Active

Posted 3 hrs ago

Experience

4 - 9 Years

Job Location

Riyadh - Saudi Arabia

Education

Any Graduation

Nationality

Any Nationality

Gender

Not Mentioned

Vacancy

1 Vacancy

Job Description

Roles & Responsibilities

We are seeking a GRC Expert with 4+ years of hands-on experience to support the operation of our GRC department. This role requires a strong background in international certification frameworks (ISO 27001, SOC 2), comprehensive Risk Management experience, and specific expertise in Identity and Access Management (IAM) governance. You will be instrumental in leveraging our automated compliance platform (Vanta) to streamline evidence collection, manage audits, and ensure continuous compliance.

Compliance & Certification Management

  • Lead the preparation and execution of external audits for ISO 27001 and SOC 2 (Type 1 & 2) certifications.
  • Manage compliance with local Saudi regulations, specifically NCA ECC and SAMA cybersecurity frameworks.
  • Utilize the Vanta platform to map internal controls to regulatory requirements (Custom Frameworks) and automate evidence collection.
  • Monitor compliance posture daily, ensuring all automated tests in Vanta are passing and remediating gaps promptly.

Identity & Access Management (IAM) Governance

  • Oversee the IAM lifecycle from a governance perspective, ensuring "Least Privilege" and "Need-to-Know" principles are enforced.
  • Manage and execute Quarterly Access Reviews (User Access Reviews) campaigns within Vanta.
  • Monitor Identity Provider (IdP) integrations (e.g., Okta, Azure AD, Google Workspace) to ensure 100% MFA adoption and timely offboarding of terminated users.
  • Review and approve privileged access requests and ensure proper documentation of business needs.

Risk Management

  • Maintain and update the organizational Risk Register.
  • Conduct periodic risk assessments, identifying threats and vulnerabilities, and tracking risk treatment plans to closure.
  • Perform Third-Party Risk Management (TPRM) assessments for new and existing vendors.

Policy & Audit Operations

  • Review and update information security policies and procedures annually or as needed.
  • Coordinate internal audits and pre-assessments to ensure readiness for external certification bodies.
  • Assist in responding to client security questionnaires and maintaining the Vanta Trust Center.
  • Deep understanding of ISO 27001 and SOC 2 controls.
  • Familiarity with NCA ECC and SAMA regulations.
  • Experience with automated GRC platforms.
  • Solid understanding of IAM concepts (RBAC, SSO, MFA, PAM).
  • Proficiency in risk assessment methodologies (e.g., ISO 27005, NIST SP 800-30).

Desired Candidate Profile

  • Minimum of 4 years of dedicated experience in GRC, Information Security, or IT Audit.

Certifications

  • Holding at least one relevant certification is preferred (e.g., CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor).

Soft Skills

  • Excellent communication skills in English (Arabic is a strong plus).
  • Ability to work independently and manage multiple audit timelines simultaneously.
  • Strong analytical and problem-solving skills.

Company Industry

  • IT - Software Services

Department / Functional Area

  • IT Software

Keywords

  • GRC Expert

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com

COGNNA

https://apply.workable.com/cognna/j/594E763758/