Leverage your abilities and join the dynamic team of a leading Saudi company specializing in the e-commerce retail industry in Riyadh, Saudi Arabia.
As the Cybersecurity GRC Manager, you will oversee the organization's governance, risk, and compliance efforts, ensuring the safeguarding of digital assets and strict adherence to security policies.
Key Accountabilities
The position involves:
- Develop, implement, and maintain cybersecurity policies and procedures aligned with industry best practices and regulatory requirements.
- Identify, assess, and mitigate security risks to the organization’s digital infrastructure and data assets.
- Ensure compliance with applicable laws, regulations, and standards such as GDPR, HIPAA, and ISO/IEC 27001.
- Conduct regular audits and security assessments to evaluate and improve the organization's security posture.
- Develop and coordinate security awareness programs to educate employees on cybersecurity best practices and policies.
- Apply strong analytical and problem-solving skills to identify risks and devise effective mitigation strategies.
- Ensure thorough compliance auditing and accurate risk assessments with keen attention to detail.
- Communicate effectively with internal stakeholders and auditors, both in writing and verbally.
- Leverage in-depth knowledge of cybersecurity principles, technologies, and risk management frameworks.
- Manage strategic initiatives and maintain compliance timelines with strong project management skills.
Knowledge, Skills, and Experience
We are looking for:
- Bachelor's degree in Information Technology, Cybersecurity, or a related field.
- Professional certifications such as CISSP, CISM, or CRISC are highly preferred.
- Minimum 3 years of experience in Cybersecurity Governance, Risk, and Compliance (GRC) is required.
- Proven experience in cybersecurity risk management, policy development, or compliance roles.
- Ability to stay current with technological advancements and emerging security threats.
- ISO certification is required.
- Experience in building cybersecurity programs from the ground up.
- Familiarity with National Cybersecurity Authority (NCA) regulations and standards.