GRC Specialist (KSA National)
Full-time, Mid-Senior level
Job Overview
Our Culture:
At Zaintech we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and you are customer-centric and appreciate an organization with uncompromised integrity that focuses on employee engagement, then read on to learn more about how you can become part of the Zaintech family.
Our Code of Conduct:
At Zaintech we strictly adhere to our code of conduct, which is there to serve as a moral compass, offering a framework for responsible behaviours and enabling ethical choices that cultivate positive relationships and a better future. It also outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across the countries we engage with.
Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.
Role Summary
Develops, updates and maintains cybersecurity policies to support and align with an organization’s cybersecurity requirements. Identifies, assesses and manages an organization’s cybersecurity risks to protect its information and technology assets. Ensures an organization’s cybersecurity program complies with applicable requirements, policies and standards.
Duties and Responsibilities:
• Develop cybersecurity policies and related documentation.
• Establish and maintain appropriate communication channels with stakeholders.
• Review existing proposed policies and related documentation with stakeholders.
• Cooperate with relevant regulatory agencies and other legal entities in any compliance reviews or investigations.
• Develop a cybersecurity awareness program.
• Promote awareness of cyber policy and strategy as appropriate among the organization's management and staff.
• Interpret and apply applicable laws, statutes and regulatory documents to ensure they are reflected in the cybersecurity policies.
• Create and publish the organization's cybersecurity policy.
• Monitor how effectively cybersecurity policies, principles and practices are implemented in the delivery of planning and management services.
• Review, conduct, or participate in audits of cyber programs and projects.
• Develop risk mitigation strategies to effectively manage risk in accordance with organizational risk appetite.
• Develop specific cybersecurity countermeasures and risk mitigation strategies.
• Ensure that decisions relating to cybersecurity are based on sound risk management principles.
• Perform risk analysis whenever an application or system undergoes a major change.
• Provide input to the risk management framework and related documentation.
• Ensure cybersecurity risks are identified and managed appropriately through the organization's risk governance process.
• Conduct an initial risk assessment of stakeholder assets and update the risk assessment on an ongoing basis.
• Use continuous monitoring tools to assess risk on an ongoing basis.
• Analyze the organization's cybersecurity defense policies and configurations to evaluate compliance with regulations and organizational directives.
• Evaluate cybersecurity aspects of contracts to ensure compliance with financial, contractual, legal and regulatory requirements.
• Recognize patterns of non-compliance with cybersecurity policies and related documentation to identify ways to improve the documentation.
• Periodically review cybersecurity strategy, policies and related documents to maintain compliance with applicable legislation and regulation.
• Work with stakeholders to resolve cybersecurity incidents and vulnerability compliance issues.
• Develop specifications to ensure that risk, compliance and assurance efforts conform with cybersecurity requirements.
• Monitor and evaluate a system's compliance with cybersecurity, resilience and dependability requirements.
• Provide support to compliance activities as necessary.
• Maintain knowledge of applicable legislation, regulation and accreditation standards and regularly review these to ensure continued organizational compliance.
Requirements
1. Minimum Qualification and certifications
- Education: Bachelor’s in Computer Science, Information Security or related field.
- Experience: 3-5 years of experience in GRC.
- Language: Very Good English and Arabic.
2. Skills, Knowledge and Abilities:
- Knowledge of network components, their operation and appropriate network security controls and methods.
- Knowledge and understanding of risk assessment, mitigation and management methods.
- Knowledge of relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy.
- Knowledge of the principles of cybersecurity and privacy.
- Knowledge of cybersecurity related threats and vulnerabilities.
- Knowledge of the likely operational impact on an organization of cybersecurity breaches.
- Knowledge of system and application security threats and vulnerabilities.
- Knowledge of the national cybersecurity regulations and requirements relevant to the organization.
- Knowledge of the organization's core business processes and how cybersecurity affects them.
- Knowledge of relevant laws, legal authorities, restrictions and regulations that govern and are applicable to cybersecurity activities.
- Knowledge of the full spectrum of defensive and offensive cybersecurity capabilities.
- Knowledge of emerging technologies and their potential for exploitation.
- Knowledge of cybersecurity authentication, authorization and access control methods.
- Knowledge of vulnerabilities in applications and their likely impact.
- Knowledge of the organization's risk management processes and procedures.
- Knowledge of import and export control regulations relevant to cybersecurity risk management activities, knowledge and technologies.
- Knowledge of supply chain risk management standards, processes and practices from a cybersecurity perspective.
- Knowledge of data classification standards and methodologies as they relate to the management of cybersecurity risk.
- Knowledge of organizational objectives, leadership priorities and risk management methods.
- Knowledge of what constitutes a threat to network security.
- Skill in performing cybersecurity related impact and risk assessments.
- Skill in effectively communicating with all levels of staff.
- Skill in using risk scoring to inform performance-based and cost-effective approaches to help an organization manage its cybersecurity risk.
- Skill in planning and carrying out administrative activities relating to cybersecurity.
- Skill in preparing plans and related documentation.
- Ability to develop policy and related documentation to support business and maintain compliance with legislative, regulatory and contractual obligations.
- Ability to develop, update and maintain cybersecurity related documentation.
- Ability to select appropriate mitigation techniques within the organization's goals and policies.
- Ability to communicate technical and planning information at the same level as a stakeholder's understanding.
- Ability to work with Leadership to provide oversight for all cybersecurity risk management related activities.
- Ability to implement supply chain risk management standards.
- Ability to develop clear, concise and effective instructional materials.