GRCL Specialist

GRCL Specialist

الوصف الوظيفي

• Implement security controls, risk assessment framework, and program that aligns to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances department objectives
• Develop cybersecurity policies and related documentation.
• Evaluate risks and develops security standards, procedures, and controls to manage risks. Improves SAICO security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
• Implements processes, such as GRC (governance, risk, and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing.
• Develop reporting metrics, dashboards, and evidence artifacts.
• Define and document business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
• Updates security controls and supports all stakeholders on security controls covering internal assessments, regulations, and protecting Personally-Identifying Information (PII) data.
• Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
• Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
• Review, conduct or participate in audits of cyber programs and projects
• Periodically review cybersecurity policies and related documents to comply with applicable legislation and regulation.
• Analyze the organization's cybersecurity defense policies and configurations to evaluate compliance with regulations and organizational directives.
• Provide an accurate technical evaluation of software applications, systems, or networks and document their compliance with agreed cybersecurity requirements.
• Remain current on best practices and technological advancements, applicable privacy laws, regulations, and accreditation standards

المهارات

• Ability to demonstrate understanding of vulnerability remediation
• Expert knowledge in IT security best practices and solutions.
• Certified in governance
• Security+, ISO 27001, or ISO 27005 certificate
• Good understanding of IT Applications
• Good understanding of software development practices and coding.
• OWASP experience and knowledge.

تفاصيل الوظيفة

منطقة الوظيفة

الروضة, جدة , المملكة العربية السعودية

قطاع الشركة

أمن المعلومات و الشبكات

طبيعة عمل الشركة

صاحب عمل (القطاع الخاص)

نوع التوظيف

دوام كامل

الراتب الشهري

غير محدد

عدد الوظائف الشاغرة

1

المرشح المفضل

عدد سنوات الخبرة

الحد الأدنى: 3 الحد الأقصى: 5

الشهادة

بكالوريوس/ دبلوم عالي

للتقدم على الوظيفة