GRC Specialist – Cybersecurity Governance, Risk & Compliance

About the role

We are seeking a motivated and detail‑oriented GRC Specialist to join our cybersecurity team. You will support governance, risk, and compliance activities for our customers, focusing on security audits, compliance assessments, gap analysis, and remediation planning.

Key responsibilities

• Support execution of GRC activities, including governance, risk management, compliance, and audit tasks.
• Conduct and support security audits and compliance assessments against Saudi and international cybersecurity frameworks.
• Assess cybersecurity controls, identify gaps, and develop remediation plans.
• Build cybersecurity strategies and roadmaps aligned with business needs and regulatory requirements.
• Develop, review, and maintain policies, procedures, standards, and related documentation.
• Perform risk assessments and track mitigation actions.
• Gather audit evidence and coordinate with internal and external stakeholders.
• Prepare reports, findings, gap‑analysis summaries, and status updates for management.
• Support customers in improving governance and compliance maturity.
• Contribute to continuous improvement of GRC processes, templates, and methodologies.

Required profile

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, IT or related field.
• Minimum 3 years of experience in GRC, cybersecurity, compliance, risk management or audit.
• Hands‑on experience with security audits, compliance assessments, gap analysis or control reviews.
• Good knowledge of Saudi cybersecurity frameworks (Aramco CCCCST, NCA ECC/OTCC/DCC/CCCS) and SAMA requirements (CSF, MVC, CRFR).
• Understanding of ISO 27001, NIST, CIS Controls or similar standards.
• Strong analytical, reporting and communication skills.
• Ability to work collaboratively with cross‑functional teams and manage multiple tasks.

Required skills

• Security audits
• Compliance assessments
• Gap analysis
• Risk assessments
• Knowledge of Saudi frameworks: Aramco CCCCST, NCA ECC/OTCC/DCC/CCCS, SAMA CSF/MVC/CRFR
• ISO 27001
• NIST
• CIS Controls