Security Solution Analyst - GRC Cybersecurity
Over ons
Welkom bij Gentis, waar we toptalent op weg zetten naar een topcarrière in de STEM-sectoren (Science, Technology, Engineering & Mathematics). Gentis is veel méér dan een recruitment agency. Ons ervaren team van recruiters en HR-experts gaat altijd op zoek naar de best mogelijke match tussen bedrijven en kandidaat-professionals. Met advies en begeleiding op maat van jouw loopbaan. Onze doelstelling is kristalhelder: samen met onze stakeholders bouwen we aan een betere, duurzame toekomst. Daarom gaan we op zoek naar de beste carrièrekansen voor toptalent, met behulp van onze unieke skills en tech-driven aanpak. Gentis is vandaag wereldwijd actief – van Europa en Noord-Amerika tot Afrika en het Midden-Oosten. We pionieren in sourcing, staffing en recruitment, gericht op high-end profielen en sterke kandidaten die uitblinken met hun technische en strategische expertise. Wil jij graag het verschil maken, in een job of opdracht met échte impact? Dan is Gentis jouw go-to-partner, om het maximum uit je carrière te halen! Klaar voor je volgende professionele uitdaging? Let’s go!
Functieomschrijving
A leading organization in Saudi Arabia is seeking a Cybersecurity Compliance Officer to join their GRC team. The role focuses on developing and maintaining security governance frameworks, policies, and procedures to ensure alignment with regulatory requirements. The candidate will drive compliance with national cybersecurity regulations, data protection laws, and international security standards.
Key responsibilities include monitoring regulatory compliance, conducting internal security assessments, managing GRC technology platforms, and coordinating external audit engagements. The position requires regular reporting to GRC leadership and supporting organizational certification initiatives.
The ideal candidate will have experience in implementing and maintaining comprehensive security compliance programs while ensuring adherence to industry and regulatory requirements.
Detailed Responsibilities:
- Develop and maintain comprehensive cybersecurity governance frameworks, policies, and procedures ensuring alignment with regulatory requirements, including NCA controls.
- Drive compliance with key security standards and regulations including PDPL, ISO 27001, and other applicable frameworks. Monitor and implement emerging requirements.
- Perform technical security reviews of system configurations, network architecture, and control implementations to validate compliance and security best practices.
- Lead internal security assessments and compliance reviews to identify and remediate control gaps.
- Implement and administer GRC automation platforms to enhance compliance monitoring efficiency and reporting capabilities.
- Design and oversee control attestation procedures, working with control owners to validate and document control effectiveness.
- Develop and execute third-party security assessment program to evaluate and monitor vendor security practices.
- Generate regular security status reports for GRC management. Effectively communicate security risks, issues and recommendations to key stakeholders.
- Manage external audit engagements and certification processes to ensure successful outcomes and continued compliance.
Key Competencies:
- Information Security Governance: Advanced knowledge of security frameworks, policies, and strategic integration of security with business operations. Strong understanding of cyber resilience principles.
- Regulatory & Standards Expertise: Comprehensive understanding of data protection laws, international security standards (ISO), and industry regulations. Ability to interpret and apply evolving requirements.
- Technical Security Knowledge: Proficiency in assessing system security configurations, network architecture, and control implementations. Deep understanding of security best practices.
- Security Assessment: Expert capability in conducting security assessments and compliance reviews. Strong analytical skills in control effectiveness evaluation.
- GRC Technology: Advanced knowledge of GRC platforms and automation solutions. Expertise in optimizing compliance monitoring and reporting processes.
- Control Framework: Deep understanding of control validation procedures and attestation processes. Knowledge of control documentation best practices.
- Third-Party Security: Expert knowledge of vendor security assessment methodologies and supply chain risk management principles.
- Strategic Communication: Strong ability to articulate complex security concepts to various stakeholders. Excellence in security status reporting and presentation.
- Audit Management: In-depth knowledge of external audit and certification processes. Strong understanding of audit evidence requirements and remediation approaches.
- Policy Architecture: Expert understanding of control frameworks and their relationship to organizational policies. Proficiency in mapping security requirements to operational controls.
Core Responsibilities:
- Information Security Governance: Develop and oversee security frameworks, policies, and procedures aligned with business objectives. Integrate security strategy with operations to maintain business continuity and cyber resilience.
- Regulatory & Standards Management: Ensure adherence to data protection laws, international security standards (ISO), and industry regulations. Monitor evolving requirements and update security practices accordingly.
- Technical Security Oversight: Assess and validate system security configurations, network architecture, and control implementations against security requirements and industry best practices.
- Security Assurance: Lead internal security assessments and compliance reviews. Evaluate control effectiveness and drive continuous improvement initiatives.
- Technology & Process Optimization: Implement and manage GRC platforms and automation solutions to enhance compliance monitoring and reporting efficiency.
- Control Management: Design and maintain control validation procedures, ensuring proper documentation and attestation from control owners.
- Third-Party Risk Management: Develop and execute vendor security assessment programs. Evaluate and monitor external partner security postures to manage supply chain risks.
- Stakeholder Management: Deliver regular status updates to GRC leadership on security posture and program effectiveness. Drive clear communication channels with key stakeholders.
- Audit Coordination: Support external audit engagements and certification processes. Partner with auditors and internal teams to facilitate successful outcomes.
- Policy Framework Administration: Maintain unified control framework mapping security requirements to organizational policies. Establish clear relationships between policies, standards, and operational controls.
Education & Professional Certifications:
· Advanced degree in Computing/Technology field (Bachelor's/Master's in Computer Science or related)
· Governance, Risk & Compliance certification (ISC2 GRC)
· CISSP (Certified Information Security Professional)
· CISA (Certified Information Systems Auditor)
· Security Controls Framework certification (SANS SEC566)
· OSCP (Offensive Security Certified Professional)
Werkplek
Samenvatting van de vacature
Maandelijks netto salaris
tussen 17 000 SR en 21 000 SR
Saoedi-Arabië
Al Khobar Saudi Arabia
Onze aanwervingsprocedure
- Telefonisch of online gesprek
Jouw eerste contact met het Talent Acquisition Team van Gentis!
- Persoonlijkheidsanalyse
Een recruiter bij Gentis blinkt uit in soft skills. We checken graag of je het nodige talent in huis hebt, om carrières en bedrijven een boost te geven!
- Interview met de manager of teamleader
Tijd om je toekomstige manager te leren kennen, tijdens een persoonlijk gesprek.
- Proefdag
De allerbeste manier om een duidelijk beeld te krijgen van de sfeer en het werk bij Gentis.
- Reverse interview
We draaien de rollen om: jij stelt de vragen en wij antwoorden!