Job Description
The Cybersecurity GRC Specialist is responsible for developing and maintaining the organization’s cybersecurity policies, ensuring regulatory compliance, conducting risk assessments, and managing third-party security evaluations. This role plays a key part in aligning the organization with national and international cybersecurity standards, such as NCA ECC, SAMA CSF, ISO 27001, and NIST.
Roles and Responsibilities:
Governance & Compliance
- Develop, review, and maintain cybersecurity policies, standards, and procedures in accordance with NCA guidelines, ISO 27001, NIST,
- Ensure compliance with Saudi cybersecurity regulations including NCA Essential Cybersecurity Controls, SAMA Cybersecurity Framework, and other applicable standards.
- Conduct regular gap assessments and recommend corrective actions to ensure compliance.
Risk Management
- Perform cybersecurity risk assessments to identify vulnerabilities, threats, and control gaps.
- Maintain and update the organization's risk register and track mitigation actions.
- Collaborate with IT and business teams to implement risk treatment plans effectively.
Audit & Internal Reviews
- Audit the implementation and effectiveness of cybersecurity policies and procedures.
- Conduct internal compliance reviews and report findings to senior management.
- Coordinate with internal and external auditors for cybersecurity audits and follow up on corrective actions.
Awareness & Training
- Develop and deliver cybersecurity awareness programs for all employees.
- Conduct role-based security training for IT and business users.
- Promote a security-conscious culture through workshops, phishing simulations, and e-learning modules.
- Track and report on training participation and compliance rates.
Incident Response & Regulatory Reporting
- Assist in incident response from a compliance and documentation perspective.
- Prepare and submit regulatory compliance reports (e.g., NCA, SAMA).
- Maintain proper documentation for audits and legal requirements.
Job Requirements
Education:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
Certificates:
- CRISC – Certified in Risk and Information Systems Control
- ISO 27001 Lead Auditor
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
Experience:
- 2 to 5 years of hands-on experience in cybersecurity governance, compliance, or risk management.
Technical Skills:
- Strong knowledge of cybersecurity governance, risk management, and compliance standards.
- Proficiency in conducting gap analyses, risk assessments, and developing remediation plans.
- Familiarity with third-party risk management and vendor security assessments.
- Strong analytical thinking and ability to recommend practical solutions.
- Excellent reporting and communication skills in English and Arabic.
- Attention to detail and documentation accuracy.
Soft Skills:
- Excellent problem-solving and analytical skills.
- Strong communication and teamwork abilities.
- Ability to work under pressure and meet tight deadlines when needed.
- Commitment to continuous learning, both technical know-how and personal skills.