74 GRC Intern jobs in Saudi Arabia
GRC Consultant
Posted 4 days ago
Job Description
For Saudi Nationals only as per customer compliance requirements
One-year contract, not renewable
Role:
The role involves leading information security Governance, Risk Management, and Compliance (GRC) engagements for Jafeer Customers.
Responsibilities:
- Lead or participate in various IT Risk Management and Business Continuity initiatives.
- Ensure compliance with IT Audit requirements, standards, policies, and risk controls.
- Provide GRC consultancy and best practices to business teams.
- Ensure external auditors have access to necessary information to complete audits successfully.
- Design audit programs and test plans to evaluate the effectiveness of internal controls and compliance with policies and regulations.
- Conduct interviews and process walkthroughs with personnel; document and assess business processes and information systems to evaluate control environments.
- Demonstrate expertise in IT auditing based on industry best practices and regulations.
GRC Consultant
Posted 4 days ago
Job Description
The GRC Information Security Consultant is responsible for collaborating with the company's customers and providing the required GRC services and solutions, making sure that the customer's Security Risk Management programs are managed and that compliance objectives are in place and achieved.
The GRC Risk Consultant supports the organization by identifying, reporting, and directing recovery activities and solutions for key risks within the IT organization, making sure that the activities are aligned with the overall risk management strategy. The GRC Consultant also supports the development and review of security policies, standards and guides.
Responsibilities:
- Conducting GRC professional services internally and to customers.
- Developing and implementing customized GRC programs.
- Developing cybersecurity strategy, objectives, policies, standards, guidelines, and procedures.
- Performing risk analysis including risk identification, assessment, mitigation, and monitoring for organizations.
- Performing compliance assessments against cybersecurity frameworks.
- Performing cybersecurity audit activities.
- Performing cybersecurity maturity assessments.
- Developing and implementing cybersecurity awareness programs.
- Managing the GRC platform.
- Establish, manage, and monitor the organization's risk register and provide periodic reporting.
- Focal point of contact for GRC projects, initiatives, programs.
- Develop strong relationships with both customers and internal stakeholders.
- Participate in due diligence activities related to mergers and acquisitions, by providing recommendations to senior management.
Requirements:
- Bachelor's or master's degree in information security or information technology
- Certifications such as CISSP, CISM, CISA, CRISC, GSEC, ISO27001 or PCIP are preferred
- 5-10 years of experience
- Experience in Information Security
Company Industry
- IT - Software Services
Department / Functional Area
- Corporate Planning
- Consulting
- M&A
Keywords
- GRC Consultant
GRC Consultant
Posted 6 days ago
Job Description
Our Culture
At ZainTECH we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and are someone who is customer-centric and appreciates an organization with uncompromised integrity that focuses on employee engagement then read on to learn more about how you can become part of the ZainTECH family.
Summary of Duties and Responsibilities
The GRC Consultant will be responsible for advising clients on the development, implementation, and improvement of their cybersecurity GRC frameworks. This role involves assessing cybersecurity risks, ensuring compliance with cybersecurity regulations, and enhancing governance structures to support secure and resilient organizational operations.
Duties/Responsibilities
Governance
- Develop and implement governance frameworks and policies to ensure effective decision-making processes.
- Advise on best practices in cybersecurity governance, including board practices, ethics, and transparency.
- Conduct comprehensive risk assessments to identify potential threats and vulnerabilities.
- Develop risk mitigation strategies and internal controls to manage and reduce risks.
- Conduct compliance audits and assessments to evaluate organizational adherence to regulatory requirements.
- Provide expert advice to clients on developing and improving their GRC frameworks and processes.
- Assist clients in implementing GRC tools and technologies.
- Prepare and present reports on the status of governance, risk, and compliance efforts to senior management and boards of directors.
- Collaborate with various stakeholders, including executives, managers, and external regulators, to ensure alignment with GRC initiatives.
- Identify opportunities for continuous improvement in GRC practices.
- Stay updated on emerging cybersecurity threats, regulatory changes, and industry trends to keep the organization ahead of potential challenges.
GRC Consultant
Posted 7 days ago
Job Description
For Saudi Nationals only as per customer compliance requirements
One-year contract, not renewable
Role:
The job is to lead information security Governance, Risk Management and Compliance engagements for Jafeer customers.
Responsibilities:
- Lead/participate in various IT Risk Management & Business Continuity initiatives.
- Ensure that requirements in IT audit, standard, policy, compliance, and risk controls are met.
- Provide GRC consultancy and best practices to business teams.
- Ensure external auditors have the access and information they need to complete their audit successfully.
- Design audit programs and test plans to determine the adequacy and effectiveness of internal controls and compliance with enterprise policies and procedures and applicable regulations.
- Conduct interviews and process walkthroughs with select personnel, and document and assess business processes and information systems to determine the adequacy of the control environment.
- Demonstrate strong IT auditing skills based on industry best practices and regulations.
Skills
Possesses a high degree of independence, integrity, and confidentiality; able to independently develop and deliver presentations and respond to questions.
Demonstrates understanding and use of basic project management methodologies.
Ability to document and explain technical details in a concise, understandable manner.
Highly organized, able to multi-task and manage concurrent deadlines, and able to contribute effectively to and lead working groups.
Ability to successfully interface with clients (internal and external)
Excellent communication skills
GRC Specialist
Posted 21 days ago
Job Description
The GRC Specialist's job is to participate in information security governance, risk management, and compliance engagements within Jafeer and for Jafeer customers.
Responsibilities:
- Participate in various IT risk management and business continuity initiatives.
- Ensure that requirements in IT audit, standard, policy, compliance, and risk controls are met.
- Ensure external auditors have the access and information they need to complete their audit successfully.
- Conduct interviews and process walkthroughs with select personnel and document and assess business processes and information systems to determine the adequacy of the control environment.
- Demonstrate strong IT auditing skills based on industry best practices and regulations.
- Demonstrates a high level of independence, integrity, and confidentiality, with the ability to independently develop and deliver presentations, as well as respond to inquiries.
- Shows an understanding and application of fundamental project management methodologies.
- Capable of documenting and articulating technical details clearly and succinctly. Exceptionally organized, with the ability to multitask, handle simultaneous deadlines, and effectively contribute to and lead teams.
- Skilled at engaging with clients, both internal and external.
- Possesses outstanding communication abilities.
- This job might require frequent traveling within Saudi Arabia and sometimes outside of Saudi Arabia.
- Familiarity with various information security standards and frameworks, including ISO 27000 series, NIST, PCI DSS, and BCP/DR/Crisis Management, is essential.
- Candidate should have 0-2 years of relevant experience in IT risk and compliance and knowledge of risk management, preferably with exposure to GRC tools.
- Experience in the assessment, development, and deployment of security policies, procedures, and standards is preferred.
- ISO 27000 lead implementer/auditor, CISA, CISM, CRISC, CISSP, PMP, or similar certifications are advantageous.
Bachelor's degree in computer science, software engineering, or a related field.
About the company
Giza Systems, a leading systems integrator in the MEA region, designs and deploys industry-specific technology solutions for asset-intensive industries such as the telecoms, utilities, oil and gas, hospitality and real estate among other market sectors. We help our clients streamline their operations and businesses through our portfolio of solutions, managed services, and consultancy practice. Our team of 1000 professionals are spread throughout the region with anchor offices in Cairo, Riyadh, Dubai, Doha, Nairobi, Dar-es-Salaam, Abuja, Kampala and New Jersey, allowing us to service an ever-increasing client base in over 40 countries.
GRC Director
Posted 28 days ago
Job Description
Major group within the Construction & Civil Engineering industry requires an experienced GRC Director (Governance, Risk & Compliance) for their major growth phase.
Requirements
My client is searching for a Saudi National GRC Director with at least 7-8 years of total experience, preferably someone with experience within private-based organisations. Please apply for more information.
About the company
QS Quest Global Markets Ltd are a niche Recruitment & Search Consultancy specialising in the Construction, Engineering & Finance markets throughout the EMEA region. Across the globe, through focused and insightful management of the recruitment process, QS Quest Global Markets Ltd help to source the most accomplished talent in the market for our clients. Mr. Terry Forsyth (Managing Director) has over 18 years' experience in Senior & Executive Recruitment internationally, with an unrivalled understanding of the global recruitment process from A-Z. QS Quest Global Markets Ltd's vision is to bring the best of international recruitment practices to our clients operating throughout the EMEA region. Our specialist approach to our search process enables us to advise on the current industry trends, providing our clients with up-to-date market intelligence, including salary benchmarking, which will enable our clients to attract the best possible talent on the market. Established in London, we offer multi-country recruitment & search services to our clients in the EMEA region, specialising within the Construction, Engineering & Finance markets. We fully understand that local-based recruitment is also extremely important to many clients, so with the ability to also source and attract local-based talent, QS Quest Global Markets Ltd are able to offer a fully tailored recruitment & search service to our clients.
GRC Principal Consultant
Posted 4 days ago
Job Description
The Principal Consultant is an experienced GRC expert who provides advanced cybersecurity GRC advisory services, delivers complex client engagements, and supports the strategic execution of cybersecurity governance, risk, and compliance projects. They act as the go-to experts on niche and advanced GRC topics, contributing to both project success and team knowledge enhancement.
Responsibilities
- Lead and execute high-complexity GRC projects, including risk assessments, compliance, and gap assessments.
- Develop tailored governance frameworks, policies, and control environments aligned with clients' applicable regulations and preferable standards.
- Deliver high-quality reports, presentations, and roadmaps, ensuring clarity and actionable outcomes for clients.
- Collaborate with senior consultants to align deliverables with project objectives and timelines.
- Act as an SME on cybersecurity frameworks, providing technical insights and recommendations to clients.
- Develop and refine methodologies, templates, and tools to improve the delivery of GRC services.
- Ensure projects are delivered on time, within scope, and aligned with client expectations.
- Stay up to date with evolving regulations, industry standards, and best practices to maintain thought leadership in the GRC domain.
- Mentor junior consultants, providing guidance on technical and professional growth.
- Foster a collaborative and innovative culture within the team.
- Identify opportunities to expand GRC services and contribute to business growth.
- Bachelor's degree in Cybersecurity, Information Technology, or related fields.
- 6-8+ years of experience in GRC consulting or a related cybersecurity domain.
- Advanced certifications: ISO 27001 Lead Auditor/Implementer, CRISC, CISM, CISSP, or similar.
- Strong and deep expertise in multiple cybersecurity frameworks and risk management methodologies.
- Excellent analytical skills, with the ability to assess complex environments and recommend practical solutions.
- Advanced communication and presentation skills, particularly when engaging with senior stakeholders.
- Ability to manage multiple client engagements simultaneously while maintaining high standards.
- Collaborative mindset, with a focus on mentoring and supporting the professional growth of team members.
Cybersecurity GRC Specialist
Posted 9 days ago
Job Description
Join to apply for the Cybersecurity GRC Specialist role at Saudi Networkers Services
- Develop, implement, and maintain cybersecurity policies, standards, and procedures in alignment with industry frameworks (e.g. NIST, ISO 27001).
- Conduct risk assessments and identify vulnerabilities, recommending appropriate controls and mitigation strategies.
- Ensure compliance with relevant data protection regulations (e.g. GDPR, CCPA) and industry-specific mandates.
- Manage and support internal and external audits related to cybersecurity and IT controls.
- Develop and deliver GRC awareness training programs for employees.
- Monitor the regulatory landscape for changes and update GRC frameworks accordingly.
- Collaborate with legal, IT, and business units to integrate GRC requirements into projects and operations.
- Track and report on the status of GRC initiatives and security posture to leadership.
- Support incident response efforts by ensuring compliance with established procedures.
- Evaluate and recommend GRC tools and technologies to improve efficiency and effectiveness.
- Entry level
- Full-time
- Engineering and Information Technology
- Business Consulting and Services
Cyber GRC Analyst
Posted 9 days ago
Job Description
Overview
MBC GROUP is the leading media organization in the MENA region with a global audience of over 150 million viewers and a multi-platform presence. We are seeking a dedicated and detail-oriented Security GRC (Governance, Risk, and Compliance) Analyst to join our team to establish a new Cyber GRC function. You will help ensure regulatory compliance, manage risks, and implement robust governance frameworks to support our technology services and customer products.
Key Responsibilities
- Security Risk Management: Adhere to regional policy and industry standards to facilitate end-to-end security risk management, ensuring risks are proactively identified, assessed, recorded, and mitigated.
- Maintain a risk register and evaluate security risks based on enterprise-wide and product impact, likelihood, and mitigation strategies.
- Serve as a trusted security advisor, collaborating with IT, Internal Audit, Development/Engineering, and other business teams to foster a culture of risk awareness.
- Ensure security risks align with regulatory requirements such as ISO 27001, NIST, GDPR, and other international frameworks.
- Provide oversight and collaborate with risk owners to develop and implement treatment plans addressing identified risks.
- GRC Tool Management: Own and continuously enhance the GRC platform to deliver structured and scalable GRC reporting.
- Develop new features with a GRC product mindset, focusing on integrations and custom reporting.
- Plan and prioritize tasks to deliver timely, coordinated projects.
- Set up and manage automated workflows that integrate compliance checks on security controls across cloud and on-premise environments.
- Write compliance as code with third-party tools and explore using AI services to analyze, organize, automate, and manage compliance frameworks and regulatory requirements.
- Audit & Compliance Requirements: Conduct continuous assessments to ensure compliance with necessary certifications and standards.
- Collaborate with Cyber teams to ensure compliance with audit requirements and ISO 27001 deliveries.
- Address internal and external audit findings from reporting through remediation and closure.
- Governance: Document, manage, and maintain a central repository of cyber and data policies to guide teams.
- Prepare management meeting reports by tracking risk triage updates, changes to the critical risk register, and risk mitigation strategies.
- Provide updates on certification compliance milestones for management reporting.
- Security Team & Data Governance Collaboration: Establish close collaboration with the Cyber Defense and Data Governance teams to leverage their expertise and enhance security and data compliance.
- Technical Expertise: Experience with AWS, GCP, and Azure, including cloud security, architecture, and management.
- Security Tools: Familiarity with SIEM (e.g., Splunk, ELK Stack), vulnerability management (e.g., Wiz, Tenable, Rapid7), WAF, DDoS protection (e.g., AWS Shield, Cloudflare), and endpoint security.
- GRC Management: Proficient in using centralized GRC tooling.
- Analytics and Reporting: Experience in analyzing technical debt and incidents to generate risk insights; ability to identify system performance patterns using observability tools.
- Compliance and Governance: Familiarity with ISO 27001, NIST, GDPR, and CCPA.
Education:
- Bachelor’s degree in Information Security, Computer Science, or related field.
Experience:
- Minimum of 3 years in GRC, risk management, or a related role. Experience in the digital entertainment or VOD industry is a plus. Experience with Saudi Government's National Cybersecurity Authority (NCA) is a plus.
Skills:
- Strong understanding of regulatory requirements and industry standards.
- Excellent analytical and problem-solving skills.
- Effective communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Professional certifications such as CRISC, CISA, or CISSP are a plus.
- Ability to work in a fast-paced, dynamic environment.
Cybersecurity GRC Specialist
Posted 10 days ago
Job Description
The Cybersecurity GRC (Governance, Risk, and Compliance) Specialist is responsible for developing, implementing, and maintaining the organization’s cybersecurity governance framework, risk management processes, and compliance programs. This role ensures that security policies, standards, and procedures are aligned with regulatory requirements and industry best practices, while supporting business objectives and minimizing cyber risks.
Responsibilities
- Develop, implement, and maintain cybersecurity governance frameworks, policies, and procedures.
- Conduct risk assessments to identify, evaluate, and mitigate information security risks across systems, processes, and vendors.
- Monitor and ensure compliance with relevant laws, regulations, and standards (e.g., ISO 27001).
- Collaborate with internal teams to ensure security controls are designed, implemented, and operating effectively.
- Prepare and deliver compliance reports, risk assessments, and audit findings to management.
- Support internal and external audits by providing documentation, evidence, and remediation plans.
- Provide guidance and training to employees on security policies and compliance requirements.
- Stay updated on emerging cybersecurity regulations, threats, and best practices.
- Assist in incident response planning and ensure governance and compliance aspects are addressed.
- Work closely with stakeholders to integrate GRC considerations into strategic and operational decision-making.
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field (Master’s preferred).
- Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent are a plus.
- 2+ years of experience.
- Seniority: Mid-Senior level
- Employment type: Full-time
- Job function: Consulting, Information Technology, and Strategy/Planning
- Industries: IT System Custom Software Development, Technology, Information and Media, and Computer and Network Security