نوع العمل : عمل كلى
الخبرة : 3-5 سنة
الراتب : Not mentioned
المكان : Egypt
الخبرة : 3-5 سنة
الراتب : Not mentioned
المكان : Egypt
Job Details
Experience Needed:2 To 5 YearsCareer Level:Experienced (Non-Manager)Education Level:Bachelor's DegreeSalary:ConfidentialJob Categories:
Experience Needed:2 To 5 Years
Career Level:Experienced (Non-Manager)
Education Level:Bachelor's Degree
Salary:Confidential
Job Categories:
Skills And Tools:
Job Description
The Cybersecurity GRC Specialist is responsible for developing and maintaining the organization’s cybersecurity policies, ensuring regulatory compliance, conducting risk assessments, and managing third-party security evaluations. This role plays a key part in aligning the organization with national and international cybersecurity standards, such as NCA ECC, SAMA CSF, ISO 27001, and NIST.
Roles and Responsibilities:
Governance & Compliance
- Develop, review, and maintain cybersecurity policies, standards, and procedures in accordance with NCA guidelines, ISO 27001, NIST,
- Ensure compliance with Saudi cybersecurity regulations including NCA Essential Cybersecurity Controls, SAMA Cybersecurity Framework, and other applicable standards.
- Conduct regular gap assessments and recommend corrective actions to ensure compliance.
Risk Management
- Perform cybersecurity risk assessments to identify vulnerabilities, threats, and control gaps.
- Maintain and update the organization's risk register and track mitigation actions.
- Collaborate with IT and business teams to implement risk treatment plans effectively.
Audit & Internal Reviews
- Audit the implementation and effectiveness of cybersecurity policies and procedures.
- Conduct internal compliance reviews and report findings to senior management.
- Coordinate with internal and external auditors for cybersecurity audits and follow up on corrective actions.
Awareness & Training
- Develop and deliver cybersecurity awareness programs for all employees.
- Conduct role-based security training for IT and business users.
- Promote a security-conscious culture through workshops, phishing simulations, and e-learning modules.
- Track and report on training participation and compliance rates.
Incident Response & Regulatory Reporting
- Assist in incident response from a compliance and documentation perspective.
- Prepare and submit regulatory compliance reports (e.g., NCA, SAMA).
Maintain proper documentation for audits and legal requirements.
The Cybersecurity GRC Specialist is responsible for developing and maintaining the organization’s cybersecurity policies, ensuring regulatory compliance, conducting risk assessments, and managing third-party security evaluations. This role plays a key part in aligning the organization with national and international cybersecurity standards, such as NCA ECC, SAMA CSF, ISO 27001, and NIST.
Roles and Responsibilities:
Governance & Compliance
- Develop, review, and maintain cybersecurity policies, standards, and procedures in accordance with NCA guidelines, ISO 27001, NIST,
- Ensure compliance with Saudi cybersecurity regulations including NCA Essential Cybersecurity Controls, SAMA Cybersecurity Framework, and other applicable standards.
- Conduct regular gap assessments and recommend corrective actions to ensure compliance.
Risk Management
- Perform cybersecurity risk assessments to identify vulnerabilities, threats, and control gaps.
- Maintain and update the organization's risk register and track mitigation actions.
- Collaborate with IT and business teams to implement risk treatment plans effectively.
Audit & Internal Reviews
- Audit the implementation and effectiveness of cybersecurity policies and procedures.
- Conduct internal compliance reviews and report findings to senior management.
- Coordinate with internal and external auditors for cybersecurity audits and follow up on corrective actions.
Awareness & Training
- Develop and deliver cybersecurity awareness programs for all employees.
- Conduct role-based security training for IT and business users.
- Promote a security-conscious culture through workshops, phishing simulations, and e-learning modules.
- Track and report on training participation and compliance rates.
Incident Response & Regulatory Reporting
- Assist in incident response from a compliance and documentation perspective.
- Prepare and submit regulatory compliance reports (e.g., NCA, SAMA).
Maintain proper documentation for audits and legal requirements.
Job Requirements
Education:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
Certificates:
- CRISC – Certified in Risk and Information Systems Control
- ISO 27001 Lead Auditor
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
Experience:
- 2 to 5 years of hands-on experience in cybersecurity governance, compliance, or risk management.
Technical Skills:
- Strong knowledge of cybersecurity governance, risk management, and compliance standards.
- Proficiency in conducting gap analyses, risk assessments, and developing remediation plans.
- Familiarity with third-party risk management and vendor security assessments.
- Strong analytical thinking and ability to recommend practical solutions.
- Excellent reporting and communication skills in English and Arabic.
- Attention to detail and documentation accuracy.
Soft Skills:
- Excellent problem-solving and analytical skills.
- Strong communication and teamwork abilities.
- Ability to work under pressure and meet tight deadlines when needed.
- Keep learning both technical know-how and personal skills.
Education:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
Certificates:
- CRISC – Certified in Risk and Information Systems Control
- ISO 27001 Lead Auditor
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
Experience:
- 2 to 5 years of hands-on experience in cybersecurity governance, compliance, or risk management.
Technical Skills:
- Strong knowledge of cybersecurity governance, risk management, and compliance standards.
- Proficiency in conducting gap analyses, risk assessments, and developing remediation plans.
- Familiarity with third-party risk management and vendor security assessments.
- Strong analytical thinking and ability to recommend practical solutions.
- Excellent reporting and communication skills in English and Arabic.
- Attention to detail and documentation accuracy.
Soft Skills:
- Excellent problem-solving and analytical skills.
- Strong communication and teamwork abilities.
- Ability to work under pressure and meet tight deadlines when needed.
- Keep learning both technical know-how and personal skills.