Cybersecurity Governance & Compliance Officer "GRC"

Sscegypt

Riyadh

On-site

SAR 100,000 - 150,000

Full time

Today

Job summary

A cybersecurity firm in Riyadh is seeking a specialist to maintain governance, manage risks, and ensure compliance with industry standards. The successful candidate will support internal and external audits, perform risk assessments, and contribute to the development of cybersecurity documentation. Familiarity with NCA regulations and ISO27001 is essential. This role offers a chance to significantly impact the firm's cybersecurity posture.

Qualifications

  • Experience with cybersecurity compliance frameworks such as ISO27001 and NCA regulations.
  • Ability to perform risk assessments and manage cybersecurity documentation.

Responsibilities

  • Maintain cybersecurity governance aligned with regulations.
  • Perform cybersecurity risk assessments and manage findings.
  • Support internal and external audit activities for compliance.
Job description

Maintain Cybersecurity Governance: To refresh and align cybersecurity governance with regulatory requirements and best practices.

Ensure Cybersecurity Risk Management: To identify and assess cybersecurity risks to improve security posture and reduce impact.

Uphold Cybersecurity Compliance: To assure cybersecurity compliance requirements are audited and remediated accordingly.

Improve Cybersecurity GRC Operations: To enhance various GRC assessments and activities and be more agile in a fast-paced enterprise.

Cybersecurity Compliance Tasks
  • Perform assessments based on NCA regulations (such as ECC and OSMACC) and the client standards.
  • Track findings, communicate with internal stakeholders, and validate evidence.
  • Support internal audit activities.
  • Support external audit activities (ISO27001).
  • Prepare weekly and monthly compliance status reports.
Cybersecurity Risk Management Tasks
  • Perform risk assessments for new solutions and third parties, as well as major technology changes.
  • Maintain the risk register, follow up on mitigation plans with stakeholders, and validate evidence.
  • Represent cybersecurity in IT demand management and IT change management.
  • Participate in and develop Root Cause Analysis corrective actions resulting from cybersecurity incidents.
  • Prepare weekly and monthly status reports.
Cybersecurity Governance Tasks
  • Review and update cybersecurity documentation such as standards and policies, as well as other documents that are part of the cybersecurity governance framework.
  • Develop new standards, processes, and procedures.
  • Monitor cyber practices and operational KPIs.
  • Create a governance review plan.
Experience

The candidate should be aware of the following frameworks:

  • NCA – ECC National Cybersecurity Authority - Essential Cybersecurity Controls – ECC–1:2018
  • NCA – CCC National Cybersecurity Authority - Cloud Cybersecurity Controls – CCC–1:2020
  • NCA – TCC TCC–1:2021
  • NCA – OSMACC National Cybersecurity Authority - Organization's Social Media Accounts Cybersecurity Controls – OSMACC–1:2021
  • NCA – DCC National Cybersecurity Authority - Data Cybersecurity Controls – DCC–1:2022
  • NDMO National Data Management Office Regulations and Standards
  • ISO27001:2022 ISO (International Organization for Standardization) 27001 – ISO/IEC 27001:2022 standard for Information Security Management Systems (ISMS)