Senior Cybersecurity GRC Officer
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Job Purpose: The Senior Cybersecurity GRC Officer is responsible for leading and executing cybersecurity governance, risk, compliance, policy management, control assessment and audit support activities.
Key Skills for This Role
Full Job Posting
Job Purpose
The Senior Cybersecurity GRC Officer is responsible for leading and executing cybersecurity governance, risk, compliance, policy management, control assessment and audit support activities. The role identifies, assesses, monitors and reports cybersecurity risks; ensures the cybersecurity program complies with applicable requirements, policies and standards; develops and maintains cybersecurity policies; assesses cybersecurity control effectiveness; and supports cybersecurity audits and assurance activities.
Cybersecurity Risk Management
Conduct cybersecurity risk assessments for systems, applications, infrastructure, third parties, projects and major technology changes.
Develop cybersecurity risk profiles by assessing threats, vulnerabilities, likelihood, impact and existing controls.
Develop risk mitigation strategies, countermeasures and residual risk statements in line with risk appetite.
Maintain cybersecurity risk registers and confirm whether risk levels remain within acceptable limits.
Coordinate with risk owners to assign ownership, agree treatment actions, define target dates and track remediation status.
Provide input to the cybersecurity risk management framework, scoring methodology and related documentation.
Use continuous monitoring outputs, metrics and evidence to support ongoing cybersecurity risk awareness.
Communicate cybersecurity risks and posture to management in clear, concise and actionable reporting.
Compliance Management And Regulatory Assurance
Monitor and evaluate cybersecurity program compliance with applicable requirements, policies, standards and controls.
Analyze cybersecurity defense policies and configurations to evaluate compliance with regulations and organizational directives.
Develop methods to monitor and measure risk, compliance and assurance activities.
Maintain awareness of applicable cybersecurity legislation, regulatory requirements, accreditation standards and compliance documentation.
Coordinate with relevant regulatory agencies, external auditors and authorized parties during compliance
reviews or investigations.
Collect evidence, track remediation and maintain audit-ready documentation for compliance activities.
Develop cybersecurity compliance processes and audits for services provided by third parties where applicable.
Cybersecurity Policy And Documentation Governance
Develop cybersecurity policies and related documentation.
Review existing and proposed policies and related documentation with stakeholders.
Analyze the organization’s cybersecurity policy environment and identify improvement requirements.
Work with stakeholders to develop cybersecurity policies aligned with the organization’s cybersecurity strategy.
Create, update, publish and maintain cybersecurity policies, standards, procedures and supporting governance documents.
Provide policy guidance to cybersecurity management, staff and users.
Ensure policies are periodically reviewed and remain aligned with organizational objectives, cybersecurity strategy and regulatory requirements.
Security Control Assessment And Effectiveness Reviews
Assess the effectiveness of cybersecurity controls across technology, process and governance areas.
Perform cybersecurity reviews and identify security gaps in security architecture, system design and control implementation.
Assess configuration management processes and verify that system, application and network configurations comply with cybersecurity policies.
Review risk registers, accreditation packages and supporting documentation to assess whether risk and control evidence are complete and accurate.
Provide technical and procedural evaluations of applications, systems or networks and document compliance against agreed cybersecurity requirements.
Recommend cost-effective security controls and remediation strategies to mitigate identified risks and control gaps.
Ensure security design and cybersecurity development activities are appropriately documented.
Track remediation of vulnerabilities and control deficiencies to support control maturity improvement.
Cybersecurity Audit Support And Assurance Reporting
Plan, support, conduct and manage cybersecurity audits or reviews of systems, networks, applications, services and cybersecurity processes.
Prepare cybersecurity assessment and audit reports that identify technical and procedural findings with recommended remediation actions.
Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
Maintain an audit log and evidence repository for cybersecurity controls and assurance activities.
Ensure cybersecurity audits test relevant aspects of infrastructure and policy compliance.
Develop secure information-sharing processes with external auditors when required.
Communicate audit findings, risk implications and remediation status to authorized stakeholders.
Third-Party, Procurement and Supply Chain GRC
Evaluate cybersecurity aspects of contracts to ensure compliance with financial, contractual, legal
and regulatory requirements.
Ensure products implemented to manage cybersecurity risks are evaluated and authorized for use.
Determine and document supply chain risks for critical system elements.
Support cybersecurity reviews of third-party services, outsourced arrangements and supplier-provided technology solutions.
Develop and review cybersecurity compliance processes and audits for third-party services.
Identify cybersecurity and privacy issues related to connections with internal and external third parties and their supply chains.
Stakeholder Engagement And Advisory
Establish and maintain appropriate communication channels with stakeholders.
Present risk, compliance and control assessment results to technical and non-technical audiences.
Provide cybersecurity guidance to business, IT and control functions on governance, risk and compliance matters.
Work with stakeholders to resolve cybersecurity incidents, vulnerability compliance issues and control weaknesses from a GRC perspective.
Promote cybersecurity policy and strategy awareness among management and relevant users.
Support management reporting on cybersecurity risks, readiness, compliance status and progress against plans.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at البيت الأهلي للتمويل
Senior Customer Care
Jiddah, KSA
We are seeking a Senior Customer Care specialist to manage and analyze complaints, ensure quality reports, and improve performance. You will handle complaints via E-SAMA, prepare analytical reports, and support the conta
Sales Consultant ( Ijarah )
Jiddah, KSA
البيت الأهلي للتمويل seeks a Sales Consultant for Ijarah (Islamic leasing) to assess creditworthiness, process financing applications, and visit clients. The role involves sales, client relationship management, and achie
Data Privacy Officer
Jiddah, KSA
Al Ahli Bank seeks a Data Privacy Officer to execute personal data protection requirements, maintain privacy compliance evidence, and coordinate with business, IT, cybersecurity, legal, and vendors. The role involves man
AP senior Accountant Insurance
Jiddah, KSA
Job Title; AP senior Accountant Insurance Responsible for insurance-related accounting activities, reconciliations, reporting, and supporting compliance with IFRS and internal controls. Priority Responsibility/Tasks (( n