GRC Specialist

We are looking for a motivated and detail-oriented GRC Specialist to join our cybersecurity team.

In this role, you will support governance, risk, and compliance activities, with a strong focus on conducting security audits, compliance assessments, gap analysis, and remediation planning for our customers. You will work closely with internal teams, clients, and stakeholders to assess cybersecurity controls, identify compliance gaps, support the development of cybersecurity strategies and roadmaps, and help ensure alignment with Saudi cybersecurity frameworks and international standards.

Key Responsibilities

• Support the execution of GRC activities, including governance, risk management, compliance, and audit-related tasks.
• Conduct and support security audits and compliance assessments against Saudi and international cybersecurity frameworks.
• Assess cybersecurity controls, identify compliance gaps, and support the development of remediation plans.
• Build cybersecurity strategies and roadmaps aligned with customers’ business needs and regulatory requirements.
• Develop, review, and maintain cybersecurity policies, procedures, standards, and related documentation.
• Conduct risk assessments and support the tracking of risk mitigation actions.
• Gather audit evidence and coordinate with internal and external stakeholders during assessment activities.
• Prepare reports, findings, gap analysis summaries, and status updates for management and stakeholders.
• Support customers in improving their cybersecurity governance and compliance maturity.
• Contribute to the continuous improvement of GRC processes, templates, and methodologies.

Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.

Minimum of 3 years of experience in GRC, cybersecurity, compliance, risk management, audit, or a related area.

Hands-on experience in security audits, compliance assessments, gap analysis, or control reviews.

Good knowledge of Saudi cybersecurity frameworks and regulatory requirements, especially:

• Aramco CCC
• CST cybersecurity requirements
• NCA frameworks such as ECC, OTCC, DCC, and CCC
• SAMA cybersecurity requirements, including CSF, MVC, and CRFR

Understanding of information security standards and control frameworks such as ISO 27001, NIST, CIS Controls, or similar.

Strong analytical skills and attention to detail.

Good report writing, documentation, and communication skills.

Ability to work collaboratively with cross-functional teams and customer stakeholders.

Ability to manage multiple tasks and support projects within agreed timelines.

Preferred Qualifications

• ISO 27001 Lead Implementer and/or Lead Auditor certification.
• Professional certifications such as CISSP, CISM, CISA, CRISC, or similar.
• Experience working with cybersecurity consulting firms or regulated industries.
• Experience preparing executive-level reports, dashboards, or compliance presentations.
• Familiarity with risk registers, compliance trackers, audit evidence collection, and remediation follow-up.