Cybersecurity GRC Manager
Job description
We are looking for a Cybersecurity GRC Consultant. As an integral member of the cybersecurity consulting team, reporting to management, the GRC Consultant is responsible for carrying out engagements related to Cybersecurity Governance, Risk, and Compliance (GRC) and other related requirements. The ideal candidate will have a working knowledge of risk management, compliance, and privacy practices, and be an effective communicator, both written and verbal.
Roles & Responsibilities
1. GRC Strategy Development: Collaborate with clients to develop and implement comprehensive Governance, Risk, and Compliance strategies aligned with industry best practices and regulatory standards.
2. Risk Assessment and Management: Conduct risk assessments to identify and evaluate cybersecurity risks, vulnerabilities, and threats. Develop risk mitigation strategies and action plans to address identified risks effectively.
3. Regulatory Compliance: Ensure adherence to relevant cybersecurity regulations, standards, and frameworks such as National Cybersecurity Authority (NCA), ISO 27001, NIST, HIPAA etc. Assist clients in interpreting regulatory requirements and implementing necessary controls and processes to achieve compliance.
4. Policy Development and Implementation: Develop, review, and implement cybersecurity policies, procedures, and guidelines to establish a robust security framework. Provide guidance on policy enforcement and compliance monitoring.
5. Security Incident Response: Develop and maintain incident response plans and procedures. Provide guidance and support during security incidents, including incident detection, containment, eradication, and recovery.
6. Security Governance and Reporting: Establish governance structures for cybersecurity oversight and decision-making. Prepare and present regular reports on cybersecurity posture, compliance status, and risk mitigation efforts to senior management and stakeholders.
7. Vendor Risk Management: Assess third-party vendor security risks and ensure compliance with contractual security requirements. Develop and implement vendor risk management programs to mitigate risks associated with third-party relationships.
8. Cybersecurity Awareness Program: Establish a cybersecurity training program, build presentations, conduct workshops, and build a capabilities program for the workforce.
Qualifications and Experience
• Saudi National.
• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• 6 to 10 years of Cybersecurity GRC experience.
• Proven experience as a Cybersecurity GRC consultant or in a similar role, with a strong focus on governance, risk management, and compliance.
Certificates
ISO 27001 Lead Implementer (LI), ISO 27001 Lead Auditor (LA), CRISC, CISM, CISSP, and related cybersecurity certifications.