GRC Specialist (KSA National)

Specialized Technical Services – STS

Riyad Al Khabra

On-site

SAR 200,000 - 300,000

Full time

Today

Job summary

A leading technical services provider in Saudi Arabia is seeking a cybersecurity specialist to develop and maintain their cybersecurity policies and ensure compliance with standards. Candidates should have a Bachelor's in Computer Science, 4+ years of GRC experience, and strong knowledge of network security. Certifications like CRISC, CISA, or ISO27001 are beneficial. Proficiency in both English and Arabic is required.

Qualifications

  • 4+ years of experience in GRC.
  • Knowledge of relevant cybersecurity legislative requirements.
  • Certifications like CRISC, CISA, ISO27001 are a plus.

Responsibilities

  • Develop and maintain cybersecurity policies.
  • Conduct risk assessments and audits.
  • Ensure compliance with cybersecurity standards.

Skills

Knowledge of network components
Knowledge of risk assessment methods
Understanding of cybersecurity regulations

Education

Bachelor’s in Computer Science

Job description

Our Culture

At Zaintech we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and you are customer‑centric and appreciate an organization with uncompromised integrity that focuses on employee engagement, then read on to learn more about how you can become part of the Zaintech family.

Our Code of Conduct

At Zaintech we strictly adhere to our code of conduct, which is there to serve as a moral compass, offering a framework for responsible behaviours and enabling ethical choices that cultivate positive relationships and a better future. It also outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across the countries we engage with.

Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.

Role Summary

Develops, updates and maintains cybersecurity policies to support and align with an organization’s cybersecurity requirements. Identifies, assesses and manages an organization’s cybersecurity risks to protect its information and technology assets. Ensures an organization’s cybersecurity program complies with applicable requirements, policies and standards.

Responsibilities
  • Develop and review cybersecurity policies and related documentation with stakeholders.
  • Establish and maintain appropriate communication channels with stakeholders.
  • Conduct and review the cybersecurity awareness program.
  • Promote awareness of cybersecurity policy and strategy as appropriate among the organization's management and staff.
  • Monitor how effectively cybersecurity policies, principles and practices are implemented in the delivery of planning and management services.
  • Conduct an initial risk assessment of stakeholder assets and update the risk assessment on an ongoing basis.
  • Review, conduct, or participate in audits of cyber programs and projects.
  • Develop risk mitigation strategies to effectively manage risk in accordance with organizational risk appetite.
  • Ensure that decisions relating to cybersecurity are based on sound risk management principles.
  • Perform risk analysis whenever an application or system undergoes a major change.
  • Ensure cybersecurity risks are identified and managed appropriately through the organization's risk governance process.
  • Use continuous monitoring tools to assess risk on an ongoing basis.
  • Evaluate cybersecurity aspects of contracts to ensure compliance with financial, contractual, legal and regulatory requirements.
  • Recognize patterns of non‑compliance with cybersecurity policies and related documentation to identify ways to improve the documentation.
  • Periodically review cybersecurity strategy, policies and related documents to maintain compliance with applicable legislation and regulation.
  • Work with stakeholders to resolve cybersecurity incidents and vulnerability compliance issues.
  • Develop specifications to ensure that risk, compliance and assurance efforts conform with cybersecurity requirements.
  • Monitor and evaluate a system's compliance with cybersecurity, resilience and dependability requirements.
  • Provide support to compliance activities as necessary.
  • Maintain knowledge of applicable legislation, regulation and accreditation standards and regularly review these to ensure continued organizational compliance.

Skills, Knowledge and Abilities
  • Knowledge of network components, their operation and appropriate network security controls and methods.
  • Knowledge and understanding of risk assessment, mitigation and management methods.
  • Knowledge of the cybersecurity aspects of relevant legislative and regulatory requirements, such as NCA ECC / CCC and SAMA CSF.

Requirements

Minimum Qualifications and Experience
  • Education: Bachelor’s in Computer Science, Information Security or related field.
  • Experience: 4+ years of experience in GRC.
  • Relevant certifications: CRISC, CISA, ISO27001 Lead Implementer or similar will be a plus.
  • Language: Very Good English and Arabic.