
Job Description

Cybersecurity GRC Specialist






Responsible for ensuring that CCC adheres to regulatory requirements, manages risks appropriately, and follows best practices in the cybersecurity governance, risk and compliance, and data privacy domains.

Personal Skills



• Develop, implement, and maintain cybersecurity governance frameworks and policies that align with organizational goals and regulatory requirements.
• Conduct regular risk assessments to identify potential security threats to the organization's information assets and evaluate the likelihood and impact of identified risks.
• Implement risk treatment plans and track the status of risk mitigation efforts.
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., STC GUARD, NCA, CST CRF, PDPL, ISO 27001, NDMO).
• Monitor and report on compliance status, coordinating with stakeholders to address compliance gaps.
• Coordinate internal and external audits related to cybersecurity and compliance, acting as the primary point of contact for auditors.
• Prepare necessary documentation and evidence to facilitate audit processes.
• Develop, review, and maintain cybersecurity policies, standards, and procedures to ensure they meet regulatory, legal, and ethical requirements.
• Design and deliver cybersecurity training and awareness programs to promote a culture of security in CCC by STC.
• Collaborate with incident response teams to establish incident management procedures that ensure regulatory and compliance requirements are met during an incident.
• Assess third-party vendors for their cybersecurity posture and compliance with regulatory requirements, ensuring that contractual agreements reflect security expectations.
• Develop and maintain metrics and reporting mechanisms to assess and communicate the effectiveness of GRC initiatives to executive leadership and stakeholders.
• Facilitate the adoption of industry-leading security frameworks and best practices in CCC by STC.
• Work closely with IT, legal, compliance, and business units to integrate GRC activities into business processes and ensure alignment with overall organizational strategy.
• Stay updated on industry trends, emerging technologies, and regulatory changes to continuously improve GRC initiatives and adapt policies accordingly.
• Provide guidance and support on remediation strategies and processes for identified vulnerability and compliance issues.
• Assist in the development of metrics and assessments to evaluate GRC program effectiveness and identify areas for improvement.
• Cultivate a culture of cybersecurity awareness and compliance in CCC by STC through engagement and communication strategies.

Technical Skills



• Develop, implement, and maintain cybersecurity governance frameworks and policies that align with organizational goals and regulatory requirements.
• Conduct regular risk assessments to identify potential security threats to the organization's information assets and evaluate the likelihood and impact of identified risks.
• Implement risk treatment plans and track the status of risk mitigation efforts.
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., STC GUARD, NCA, CST CRF, PDPL, ISO 27001, NDMO).
• Monitor and report on compliance status, coordinating with stakeholders to address compliance gaps.
• Coordinate internal and external audits related to cybersecurity and compliance, acting as the primary point of contact for auditors.
• Prepare necessary documentation and evidence to facilitate audit processes.
• Develop, review, and maintain cybersecurity policies, standards, and procedures to ensure they meet regulatory, legal, and ethical requirements.
• Design and deliver cybersecurity training and awareness programs to promote a culture of security in CCC by STC.
• Collaborate with incident response teams to establish incident management procedures that ensure regulatory and compliance requirements are met during an incident.
• Assess third-party vendors for their cybersecurity posture and compliance with regulatory requirements, ensuring that contractual agreements reflect security expectations.
• Develop and maintain metrics and reporting mechanisms to assess and communicate the effectiveness of GRC initiatives to executive leadership and stakeholders.
• Facilitate the adoption of industry-leading security frameworks and best practices in CCC by STC.
• Work closely with IT, legal, compliance, and business units to integrate GRC activities into business processes and ensure alignment with overall organizational strategy.

Education



Bachelor’s degree in a relevant field.

Job Location: Riyadh, Saudi Arabia
Job Role: Information Technology
Years of Experience: Min: 4 Max: 6
Residence Location: Riyadh, Saudi Arabia