Cybersecurity GRC Manager

2P Perfect Presentation

Saudi Arabia

On-site

SAR 60,000 - 100,000

Full time

Yesterday

Job summary

Join a forward-thinking company as a Cybersecurity GRC Manager in Riyadh, where you will lead the development and implementation of a robust information security governance, risk management, and compliance program. This role is crucial in ensuring that cybersecurity policies align with business objectives and regulatory requirements. You will proactively identify and mitigate risks while promoting security awareness across the organization. With a focus on continuous improvement, you will manage audits, compliance documentation, and training initiatives, making a significant impact on the company's security posture and resilience against emerging threats.

Qualifications

  • 5+ years of experience in Cybersecurity, GRC, or IT compliance.
  • Professional certifications such as CISSP, CISM, CRISC, CISA preferred.

Responsibilities

  • Develop and maintain cybersecurity policies, standards, and procedures.
  • Lead the identification, assessment, and prioritization of information security risks.
  • Ensure compliance with all applicable laws, regulations, and industry standards.

Skills

Cybersecurity Governance
Risk Management
Compliance Management
Security Awareness Training
Business Continuity Planning

Education

Bachelor's degree in Cybersecurity
Bachelor's degree in Information Security
Bachelor's degree in IT related field

Tools

Cybersecurity Frameworks (SAMA, NCA, ISO 27001)
Risk Assessment Tools

Job description

We are seeking a Cybersecurity GRC Manager to join our team in Riyadh, Saudi Arabia. In this role, you will lead the development and implementation of our information security governance, risk management, and compliance (GRC) program. You will ensure our cybersecurity policies and procedures meet business objectives and regulatory requirements, including cybersecurity frameworks, while proactively identifying and mitigating cybersecurity risks.

Responsibilities:

Governance

  • Develop and maintain cybersecurity policies, standards, and procedures.
  • Promote security awareness and ensure adherence to security frameworks (e.g., SAMA, NCA, ISO 27001).
  • Provide guidance to business units regarding information security best practices.

Risk Management

  • Lead the identification, assessment, and prioritization of information security risks.
  • Oversee the risk assessment process, including third-party/vendor risk management.
  • Develop risk treatment plans and track remediation efforts.
  • Report on key risk and compliance metrics to senior management and the board.

Compliance

  • Ensure compliance with all applicable laws, regulations, and industry standards.
  • Interpret, implement, and maintain controls aligned with Cybersecurity Frameworks requirements, ensuring continuous readiness for regulatory reviews and audits.
  • Manage internal and external audits, including evidence collection and remediation.
  • Maintain up-to-date documentation for compliance requirements and certifications.

Framework Alignment

  • Map organizational controls and processes to framework requirements, identifying gaps and overseeing remediation.
  • Monitor updates and changes to cybersecurity framework requirements, and adjust organizational policies and controls as needed.
  • Coordinate and submit periodic reports and self-assessments.

Awareness and training

  • Lead security awareness and training initiatives.
  • Design, implement, and lead comprehensive security awareness and training programs for all employees and relevant third parties.
  • Conduct regular training sessions, phishing simulations, and targeted workshops to address current and emerging threats.
  • Evaluate the effectiveness of awareness programs through testing and feedback, and continuously improve content and delivery.

Business Continuity

  • Collaborate with relevant stakeholders to develop, implement, and test business continuity and disaster recovery plans from a cybersecurity perspective.
  • Ensure critical assets and data are protected and can be restored in the event of a disruption.
  • Conduct regular reviews and exercises to validate business continuity plans and update them based on lessons learned and evolving threats.
  • Provide guidance on integrating cybersecurity requirements into overall business continuity management.

Requirements:

  • Bachelor's degree in Cybersecurity, Information Security, or an IT related field.
  • 5+ years of experience in Cybersecurity, GRC, or IT compliance.
  • Professional certifications such as CISSP, CISM, CRISC, CISA, or similar are preferred.
  • Experience working with Cybersecurity frameworks (e.g., SAMA, NCA, ISO 27001).