GRC Expert

Posted about 1 month ago
Pakistan, India, Egypt, South Africa | Full-Time | GRC, Information Security
Company: COGNNA
Location: Pakistan, India, Egypt, South Africa
Languages: English, Arabic
Seniority level: Senior, 4+ years
Experience: 4+ years
Skills: Compliance, Risk Management
Requirements:
- Minimum of 4 years of dedicated experience in GRC, Information Security, or IT Audit.
- Deep understanding of ISO 27001 and SOC 2 controls.
- Familiarity with NCA ECC and SAMA regulations.
- Experience with automated GRC platforms.
- Solid understanding of IAM concepts (RBAC, SSO, MFA, PAM).
- Proficiency in risk assessment methodologies (e.g., ISO 27005, NIST SP 800-30).
- Excellent communication skills in English.
- Ability to work independently and manage multiple audit timelines simultaneously.
- Strong analytical and problem-solving skills.
Responsibilities:
- Lead preparation and execution of external audits for ISO 27001 and SOC 2.
- Manage compliance with NCA ECC and SAMA cybersecurity frameworks.
- Utilize Vanta to map controls, automate evidence collection, and monitor compliance.
- Oversee IAM lifecycle, enforcing 'Least Privilege' and 'Need-to-Know'.
- Manage Quarterly Access Reviews within Vanta.
- Monitor IdP integrations and ensure MFA adoption.
- Review and approve privileged access requests.
- Maintain and update the organizational Risk Register.
- Conduct periodic risk assessments and track treatment plans.
- Perform Third-Party Risk Management assessments.
- Review and update information security policies and procedures.
- Coordinate internal audits and pre-assessments.
- Assist in responding to client security questionnaires and maintaining the Vanta Trust Center.