Qureos


Cybersecurity GRC Expert

Role Overview
The ideal candidate has deep experience in cybersecurity frameworks, risk management, regulatory alignment, audits, policy development, and leading enterprise GRC programs.

The role includes working with government and regulated sectors, contributing to cybersecurity posture improvement, and ensuring client compliance with international and KSA-specific frameworks.

This position is client-facing, leadership-oriented, and requires both strategic and hands-on GRC expertise.


Top 5 Responsibilities

1. Lead GRC engagements including cybersecurity assessments, maturity evaluations, gap analyses, and compliance improvement roadmaps.
2. Develop and implement cybersecurity governance frameworks, policies, procedures, and standards aligned with ISO 27001, NCA ECC/CCC, NIST CSF, COBIT, and sector-specific mandates.
3. Conduct enterprise risk assessments, create risk treatment plans, and drive continuous risk reduction programs with business stakeholders.
4. Manage internal/external audits, regulatory compliance initiatives, and coordinate with client teams to ensure audit readiness and control effectiveness.
5. Provide strategic advisory on cybersecurity governance, operating models, KPIs, and continuous improvement across government and enterprise environments.


Must-Have Technologies & Platforms Experience

(Not technical hands-on configuration, but exposure in a GRC context)

  • SIEM / SOC Technologies: Microsoft Sentinel, Splunk, IBM QRadar
  • Network & Security Platforms: Palo Alto, Fortinet, Cisco Security
  • EDR/XDR Platforms: CrowdStrike, Microsoft Defender XDR
  • Cloud Security: Microsoft Azure security controls, AWS Security Hub, CSP governance
  • GRC Tools: RSA Archer, ServiceNow GRC, MetricStream, OneTrust
  • Vulnerability Management: Tenable, Qualys, Rapid7

Candidates must understand control requirements, governance, integration points, reporting outputs, and compliance mapping for these technology domains.


Nice-to-Have Technologies

  • Knowledge of KSA-specific compliance platforms (NCA GRC portals, banking compliance portals)

  • Data Privacy and DLP Platforms (Microsoft Purview, Symantec, Forcepoint)
  • DevSecOps practices and CI/CD pipeline assessments
  • OT/ICS governance frameworks (NIST 800-82, IEC 62443)


Required & Preferred Certifications

Required

  • ISO 27001 Lead Implementer (LI) or Lead Auditor (LA)
  • CGRC (formerly CAP) or equivalent risk-focused certification
  • CISM or CISSP (one required for Lead level)

Preferred / Strong Plus

  • SABSA Foundation or Practitioner
  • COBIT 2019
  • ITIL 4 Foundation
  • NCA-specific training (ECC/CCC/CSM)
  • Cloud certifications: Azure Security Engineer, CCSK, CCSP


Experience Requirements

  • 7–10 years in cybersecurity governance, compliance, and risk management roles
  • Proven leadership in GRC project delivery with enterprise or government clients
  • Experience with KSA regulatory frameworks, such as:
      ◦ NCA ECC v2 / CCC
      ◦ SAMA CSF
      ◦ CITC / CST Regulations
      ◦ NDMO Data Governance

  • Experience designing cybersecurity programs and managing cross-domain teams


© 2026 Qureos. All rights reserved.