JobsAisle

Sr. Cybersecurity Governance, Risk & Compliance (GRC) Specialist

MISPay

Riyadh, Saudi Arabia
AED 12,000-30,000/mo
SAR 12.2K-30.6K/mo
Yesterday
Saudi Arabia
Finance & Accounting
Full Time

Skills Required

Excel, Project Management, Communication, Arabic, English

Job Description

The Sr Cybersecurity GRC Specialist is responsible for establishing and strengthening the organization’s cybersecurity governance, risk, and compliance framework in alignment with SAMA requirements. The role ensures regulatory compliance, manages cybersecurity risks, and enhances audit readiness while supporting secure and sustainable growth in a regulated BNPL environment.

Key Responsibilities

Governance & Policy Management

- Develop and implement cybersecurity policies, standards, and procedures in alignment with the SAMA Cybersecurity Framework.
- Establish a governance framework for cybersecurity roles, responsibilities, and decision-making.
- Ensure policies are approved, communicated, and enforced across the organization.
- Establish and maintain a risk management process, including a risk register, assessment criteria, and periodic reviews.
- Conduct risk assessments on systems, processes, and vendors.
- Recommend and track remediation actions.

Compliance & Framework Alignment

- Conduct gap analyses against the SAMA Cybersecurity Framework and other applicable standards (e.g., ISO 27001, NCA ECC/CCC).
- Develop and execute a roadmap to achieve maturity Level 3.
- Monitor compliance with internal policies and regulatory requirements.

Audit Readiness & Evidence Management

- Maintain a centralized repository for compliance evidence.
- Coordinate internal and external cybersecurity audits.
- Prepare and present compliance reports to management.

Vendor & Third-Party Management

- Implement vendor risk management processes, including security requirements in SLAs.
- Ensure third-party SOC services comply with SAMA requirements.

Awareness & Training

- Conduct cybersecurity awareness and compliance training sessions for employees.
- Promote a culture of cybersecurity and regulatory compliance.

Requirements

- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field.
- 2-4 years of experience in GRC, preferably in the banking or financial sector.
- Strong knowledge of the SAMA Cybersecurity Framework and its maturity model.
- Experience developing policies, conducting gap analyses, and preparing for regulatory audits.
- Familiarity with ISO 27001 and NCA ECC/CCC is a plus.
- Excellent communication, documentation, and stakeholder management skills.

Preferred Skills

- Ability to work independently and lead initiatives.
- Strong organizational and project management skills.
- Analytical mindset with attention to detail.
- Fluency in English and Arabic is preferred.