A leading organization in Saudi Arabia is seeking a Cybersecurity Compliance Officer to join their GRC team. The role focuses on developing and maintaining security governance frameworks, policies, and procedures to ensure alignment with regulatory requirements. The candidate will drive compliance with national cybersecurity regulations, data protection laws, and international security standards.

Key responsibilities include monitoring regulatory compliance, conducting internal security assessments, managing GRC technology platforms, and coordinating external audit engagements. The position requires regular reporting to GRC leadership and supporting organizational certification initiatives.

The ideal candidate will have experience in implementing and maintaining comprehensive security compliance programs while ensuring adherence to industry and regulatory requirements.

Detailed Responsibilities:

• Develop and maintain comprehensive cybersecurity governance frameworks, policies, and procedures ensuring alignment with regulatory requirements, including NCA controls.
• Drive compliance with key security standards and regulations including PDPL, ISO 27001, and other applicable frameworks. Monitor and implement emerging requirements.
• Perform technical security reviews of system configurations, network architecture, and control implementations to validate compliance and security best practices.
• Lead internal security assessments and compliance reviews to identify and remediate control gaps.
• Implement and administer GRC automation platforms to enhance compliance monitoring efficiency and reporting capabilities.
• Design and oversee control attestation procedures, working with control owners to validate and document control effectiveness.
• Develop and execute third-party security assessment program to evaluate and monitor vendor security practices.
• Generate regular security status reports for GRC management. Effectively communicate security risks, issues and recommendations to key stakeholders.
• Manage external audit engagements and certification processes to ensure successful outcomes and continued compliance.

Key Competencies:

• Information Security Governance: Advanced knowledge of security frameworks, policies, and strategic integration of security with business operations. Strong understanding of cyber resilience principles.
• Regulatory & Standards Expertise: Comprehensive understanding of data protection laws, international security standards (ISO), and industry regulations. Ability to interpret and apply evolving requirements.
• Technical Security Knowledge: Proficiency in assessing system security configurations, network architecture, and control implementations. Deep understanding of security best practices.
• Security Assessment: Expert capability in conducting security assessments and compliance reviews. Strong analytical skills in control effectiveness evaluation.
• GRC Technology: Advanced knowledge of GRC platforms and automation solutions. Expertise in optimizing compliance monitoring and reporting processes.
• Control Framework: Deep understanding of control validation procedures and attestation processes. Knowledge of control documentation best practices.
• Third-Party Security: Expert knowledge of vendor security assessment methodologies and supply chain risk management principles.
• Strategic Communication: Strong ability to articulate complex security concepts to various stakeholders. Excellence in security status reporting and presentation.
• Audit Management: In-depth knowledge of external audit and certification processes. Strong understanding of audit evidence requirements and remediation approaches.
• Policy Architecture: Expert understanding of control frameworks and their relationship to organizational policies. Proficiency in mapping security requirements to operational controls.

Core Responsibilities:

• Information Security Governance: Develop and oversee security frameworks, policies, and procedures aligned with business objectives. Integrate security strategy with operations to maintain business continuity and cyber resilience.
• Regulatory & Standards Management: Ensure adherence to data protection laws, international security standards (ISO), and industry regulations. Monitor evolving requirements and update security practices accordingly.
• Technical Security Oversight: Assess and validate system security configurations, network architecture, and control implementations against security requirements and industry best practices.
• Security Assurance: Lead internal security assessments and compliance reviews. Evaluate control effectiveness and drive continuous improvement initiatives.
• Technology & Process Optimization: Implement and manage GRC platforms and automation solutions to enhance compliance monitoring and reporting efficiency.
• Control Management: Design and maintain control validation procedures, ensuring proper documentation and attestation from control owners.
• Third-Party Risk Management: Develop and execute vendor security assessment programs. Evaluate and monitor external partner security postures to manage supply chain risks.
• Stakeholder Management: Deliver regular status updates to GRC leadership on security posture and program effectiveness. Drive clear communication channels with key stakeholders.
• Audit Coordination: Support external audit engagements and certification processes. Partner with auditors and internal teams to facilitate successful outcomes.
• Policy Framework Administration: Maintain unified control framework mapping security requirements to organizational policies. Establish clear relationships between policies, standards, and operational controls.

Education & Professional Certifications:

· Advanced degree in Computing/Technology field (Bachelor's/Master's in Computer Science or related)

· Governance, Risk & Compliance certification (ISC2 GRC)

· CISSP (Certified Information Security Professional)

· CISA (Certified Information Systems Auditor)

· Security Controls Framework certification (SANS SEC566)

· OSCP (Offensive Security Certified Professional)