GRC Specialist

CCDS is seeking a qualified and motivated Saudi IT GRC Specialist to join our team. The successful candidate will play a key role in managing IT governance, risk, and compliance in accordance with SDAIA, ISO standards, and NCA regulations. You will work closely with internal and external stakeholders to ensure that IT operations comply with national cybersecurity directives and international best practices. This role requires a proactive professional who can assess risks, implement controls, and help maintain a strong cybersecurity posture.

Responsibilities

• Implement and manage IT GRC frameworks aligned with SDAIA, ISO standards, and NCA guidelines.
• Conduct risk assessments, compliance audits, and gap analysis to identify and mitigate IT risks.
• Develop and maintain policies, procedures, and documentation related to IT governance and compliance.
• Monitor compliance status and prepare reports for senior management and regulatory bodies.
• Collaborate with relevant teams to ensure adherence to cybersecurity policies and regulations.
• Provide training and awareness sessions on GRC topics to relevant stakeholders.
• Stay updated with regulatory changes and industry best practices in cybersecurity and IT governance.

• Saudi Nationality is required.
• Bachelor’s degree in Information Technology, Cybersecurity, or related field.
• Minimum of 2 years of experience in IT GRC roles.
• Strong knowledge and practical experience with SDAIA, ISO (particularly ISO 27001), and NCA requirements.
• Experience in conducting risk assessments and compliance audits.
• Ability to develop and implement IT governance policies and procedures.
• Excellent communication and interpersonal skills.
• Relevant certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are advantageous.

• Paid Time Off
• Performance Bonus
• Private Family Medical Insurance
• Training & Development plan