img
Contract TypeFull-time
Workplace typeOn-site
LocationRiyadh

Job Description

About the Role

NourNet is seeking an experienced Governance Risk Compliance (GRC) Specialist to join a client's technology team in Riyadh. This full-time, on-site position focuses on establishing and maintaining robust cybersecurity governance and risk management frameworks. The primary objective is to ensure alignment with regulatory and industry standards, contributing to a secure and compliant technological environment. The ideal candidate will possess a strong background in secure-by-design principles, cloud security, and enterprise architecture governance, with a proven track record in the financial services sector.

Key Responsibilities

  • Maintain and update cybersecurity policies, standards, and procedures for the client, ensuring alignment with SAMA, NCA ECC, ISO 27001, NIST CSF, and applicable local regulations.
  • Lead periodic cyber risk assessments across systems, projects, and business processes.
  • Maintain and manage the Cyber Risk Register, including recording risks, assigning owners, documenting mitigation plans, and tracking their status.
  • Coordinate risk treatment activities with business and IT owners, encompassing risk acceptance and mitigation tracking.
  • Produce governance reporting and dashboards, including Key Risk Indicators (KRIs), for management and risk committees.
  • Ensure Security Operations Center (SOC) operational activities map effectively to governance requirements and control frameworks.
  • Support regulatory self-assessments, gap analyses, and remediation planning.
  • Manage exceptions and control deficiencies through formal governance processes.
  • Provide stakeholder engagement, training, and awareness initiatives to ensure successful governance adoption.

Qualifications and Experience

  • A minimum of 7 years of experience in Governance, Risk, and Compliance (GRC) or cyber risk roles, with a preference for experience within banking or financial services.
  • Bachelor's degree in Computer Science, Information Security, Risk Management, or a related field.

Required Skills and Knowledge

  • Strong knowledge of ISO 27001, NIST CSF, and regional banking regulations such as SAMA and NCA ECC.
  • Secure-by-design principles.
  • Cloud security.
  • Enterprise architecture governance.
  • Cybersecurity policies, standards, and procedures development and maintenance.
  • Risk assessments and cyber risk management.
  • Cyber Risk Register management.
  • Risk treatment and mitigation planning.
  • Governance reporting and Key Risk Indicator (KRI) development.
  • Alignment of SOC operational activities with governance.
  • Regulatory self-assessments and gap analyses.
  • Remediation planning.
  • Exception management and control deficiency handling.
  • Stakeholder engagement, training, and awareness.
  • Excellent stakeholder management and communication skills.

Preferred Certifications

  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • ISO 27001 Lead Implementer or Lead Auditor (or equivalent certification)

Work Environment

This is a full-time, on-site position located in Riyadh, Saudi Arabia.


Requirements

  • Requires 5-10 Years experience

Similar Jobs