Senior Cybersecurity GRC Specialist

Mozn

We are seeking a highly skilled and motivated Cybersecurity GRC Specialist to join our Governance, Risk, and Compliance (GRC) team. This role is pivotal in ensuring our cybersecurity practices align with both Saudi regulatory frameworks and international standards. The ideal candidate will possess hands-on experience in conducting risk assessments, demonstrate expertise in compliance, and have a solid understanding of cloud environments and their associated risks.

What you'll do

• Conduct comprehensive cybersecurity risk assessments across business units and IT systems.
• Ensure compliance with Saudi regulatory frameworks including NCA ECC, SAMA CSF, and PDPL.
• Support audits and assessments related to regulatory and international standards.
• Develop, review, and update cybersecurity policies, procedures, and control mappings.
• Collaborate with internal stakeholders to ensure effective implementation and monitoring of security controls.
• Assist in implementing data privacy controls and breach notification procedures in line with PDPL and GDPR.
• Track and manage risk treatment plans, exceptions, and compliance gaps using GRC platforms.
• Evaluate and monitor security controls in cloud environments to ensure compliance and risk mitigation.
• Stay informed on AI technologies and assess their impact on cybersecurity posture, including risks related to data leakage, model integrity, and regulatory compliance.

Qualifications

• Bachelor s degree in Information Security, Computer Science, or a related field.
• 3 5 years of experience in cybersecurity risk management, compliance, or audit.
• Strong knowledge of NCA ECC, SAMA CSF, PDPL, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and GDPR.
• Relevant certifications such as ISO 27001 Lead Auditor, CISA, CISM, CIPM, or CRISC are preferred.
• Proficiency in English is required for documentation, communication, and collaboration across teams.
• Understanding of cloud environments and related security and compliance considerations is essential.
• Awareness of AI technologies and their associated risks