GRC Specialist

Responsibilities

• Support the execution of GRC activities, including governance, risk management, and compliance tasks.
• Conduct security audits and compliance assessments against Saudi and international frameworks.
• Assess cybersecurity controls, identify compliance gaps, and support the development of remediation plans.
• Build cybersecurity strategies and roadmaps aligned with customer business needs and regulatory requirements.
• Develop, review, and maintain cybersecurity policies, procedures, and standards.
• Conduct risk assessments and support the tracking of risk mitigation actions.
• Gather audit evidence and coordinate with internal and external stakeholders.
• Prepare reports, findings, and gap analysis summaries for management and stakeholders.

Requirements

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, IT, or a related field.
• Minimum of 3 years of experience in GRC, cybersecurity, compliance, or risk management.
• Hands-on experience in security audits, compliance assessments, and gap analysis.
• Strong knowledge of Saudi cybersecurity frameworks including Aramco CCC, CST, NCA (ECC, OTCC, DCC), and SAMA.
• Understanding of international standards such as ISO 27001, NIST, or CIS Controls.
• Strong analytical, documentation, and report writing skills.

Preferred Qualifications

• ISO 27001 Lead Implementer and/or Lead Auditor certification.
• Professional certifications such as CISSP, CISM, CISA, or CRISC.
• Experience working with cybersecurity consulting firms or in regulated industries.
• Experience preparing executive-level reports and compliance dashboards.

About the Company

Managed Services provides expert cybersecurity solutions to help organizations navigate complex regulatory landscapes and strengthen their security posture.