Cyber GRC Manager
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Develop and implement a risk-based cyber governance, risk management, and compliance strategy while managing policies, assessments, and third-party risks.
Key Skills for This Role
Full Job Posting
Key Responsibilities
- Develop and evolve a risk-based cyber GRC strategy that aligns with enterprise risk appetite and business priorities.
- Lead the GRC program, including governance forums, risk assessment cadence, control frameworks, and remediation tracking.
- Partner with senior leadership to translate regulatory and business requirements into practical program objectives and roadmaps.
Policy, Standards & Control Management
- Maintain and enhance information security policies, standards, and procedures; ensure clear ownership and version control across the policy lifecycle.
- Define and maintain control objectives mapped to frameworks (e.g., NIST CSF, ISO 27001, SOC 2) and ensure consistent implementation across teams.
- Coordinate control testing, assessments, and remediation activities with internal teams and external assessors.
Risk Assessment & Third-Party Risk Management
- Conduct enterprise and technology risk assessments; identify, evaluate, and prioritize cyber risks and mitigation plans.
- Own third-party risk management processes including vendor risk assessments, due diligence, contract security requirements, and ongoing monitoring.
- Work with procurement and vendor owners to remediate deficiencies and reduce supply chain risk.
Compliance & Audit Support
- Manage compliance programs and readiness for relevant regulations and standards (e.g., SOC 2, ISO 27001, GDPR, HIPAA where applicable).
- Act as primary liaison for internal and external audits, prepare evidence and reporting, and coordinate remediation activities.
- Maintain documentation and continuous evidence of controls to support attestations and regulatory reporting.
Metrics, Reporting & Continuous Improvement
- Define and report GRC metrics and dashboards (e.g., risk posture, control maturity, remediation timelines, vendor risk status) to leadership and stakeholders.
- Use data and trend analysis to identify program gaps, recommend improvements, and measure the effectiveness of risk reduction efforts.
- Develop and maintain GRC playbooks, runbooks, and process documentation to enable repeatable, auditable practices.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Client of Stellar Hunters
DevOps/Platform Engineer
Saudi Arabia, KSA
Design and operate scalable platform services using cloud technologies, automate CI/CD pipelines, and ensure platform reliability while mentoring engineers.
Employer Branding Specialist
Saudi Arabia, KSA
Develop and execute employer branding strategies, create engaging content, manage social media presence, and enhance candidate experience while utilizing analytics for continuou...
Systems Administrator
Riyadh, KSA
Responsible for managing systems and infrastructure, ensuring security and performance, with skills in automation, troubleshooting, and collaboration across teams.
Legal Director
Riyadh, KSA
Lead legal strategy, ensure compliance, manage contracts and disputes, and develop legal team with expertise in corporate and regulatory law.
Instructional Designer
Saudi Arabia, KSA
Design and develop engaging learning experiences using instructional design principles, collaborate with stakeholders, and utilize e-learning tools for effective training.
Senior Internal IT Auditor
Saudi Arabia, KSA
The role involves planning and executing IT audits, assessing risks, evaluating controls, and providing remediation recommendations while ensuring compliance with regulations.
Learning & Development Manager
Saudi Arabia, KSA
Develop and implement learning strategies, design training programs, manage leadership development, and evaluate training effectiveness using data analytics.
Cyber GRC Specialist
Saudi Arabia, KSA
Develop and operationalize cybersecurity policies, conduct risk assessments, support compliance initiatives, and provide security training for cross-functional teams.
DevOps/Platform Engineer
Saudi Arabia, KSA
Employer Branding Specialist
Saudi Arabia, KSA
Systems Administrator
Riyadh, KSA
Legal Director
Riyadh, KSA
Instructional Designer
Saudi Arabia, KSA
Senior Internal IT Auditor
Saudi Arabia, KSA
Learning & Development Manager
Saudi Arabia, KSA
Cyber GRC Specialist
Saudi Arabia, KSA