Cybersecurity GRC Lead

About the role

The Cybersecurity GRC Lead will design, implement and oversee the governance, risk and compliance (GRC) framework for our organization, ensuring alignment with regulatory requirements, industry standards and business objectives. This role partners with multiple departments to embed security controls and promote a culture of cyber‑awareness.

Key responsibilities

• Develop and maintain cybersecurity policies, procedures and control documentation.
• Lead awareness, phishing and security training programmes across the company.
• Ensure policies are regularly updated, communicated and enforced.
• Align governance artefacts with NCA ECC, ISO 27001 and relevant legal obligations.
• Conduct risk assessments, maintain the risk register and define treatment plans.
• Verify compliance with NCA ECC, ISO 27001 and Saudi PDPL requirements.
• Perform third‑party and vendor risk assessments and due‑diligence reviews.
• Track remediation actions and prepare for internal and external audits.
• Maintain dashboards that report compliance posture and control performance.
• Design, distribute and monitor employee security training and phishing simulations.
• Collaborate with HR on secure onboarding and off‑boarding processes.
• Maintain an evidence repository for audit and compliance tracking.
• Map security controls to NCA ECC domains and document maturity levels.
• Support the Risk & Compliance Specialist with reporting and updates.

Required profile

• Bachelor’s degree in information security, IT governance, law or business with a security focus.
• 3–5 years of experience in cybersecurity compliance, audit or GRC.
• Proven experience implementing and managing an ISMS and related compliance frameworks.

Required skills

• Strong knowledge of ISO 27001, NCA ECC and Saudi PDPL.
• Experience with risk assessment methodologies and third‑party risk reviews.
• Ability to create and maintain policy documentation and compliance dashboards.