Cyber Security GRC Specialist
Cyber Security GRC Specialist
الوصف الوظيفي
Job Summary
Under the direction of management, the incumbent coordinates and performs security assessment functions, control testing reporting, and activities in accordance of Internal Controls compliance, regulatory and departmental policy and procedures. The cyber Security GRC Specialist updates and maintains control matrices and spreadsheets and provides recommendations for management’s consideration. This position ensures compliance with Tamara’s internal controls, regulatory and information security policies and procedures. The incumbent works with internal audit, external audit firms, and regulatory agencies to provide supportive documentation as applicable. The Cyber Security GRC Specialist takes a lead role in ensuring the security of all protected information collected, used, maintained.
Typical Duties and Responsibilities:
- Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances College business objectives.
- Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves Tamara’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in the GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations (SAMA, NCA, and GCC), protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
- Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
- Help in documenting and reporting control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Assists other staff in the management and oversight of security program functions.
- Trains, guides, and acts as a resource on security assessment functions to other departments within the College.
- Remains current on best practices and technological advancements and acts as the College’s technical resource for security assessment and regulatory compliance.
- Performs other related duties as assigned.
المهارات
Minimum Qualifications:
- Bachelor’s degree or Diploma in information technology or computer science is required..
- 3-5 years of applied work experience in IT infrastructure/cybersecurity programs, audits, assessments, risk, remediation, or cyber security compliance management.
Qualifications:
Security +, CISA, CRISC, CISM ,ISO27001
Knowledge of:
- Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations (SAMA, NCA, ISO 27001, and PCI DSS);
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
- Information systems auditing, monitoring, controlling, and assessment process;
- Incident response management;
- Risk assessment and management methodology.
Skills in:
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
- Researching and locating information related to internal and external organizations using online and other sources;
- Security project management and planning;
- Maintaining confidentiality;
- Troubleshooting and operating a computer and various software packages;
- Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions;
- Using judgment and ingenuity in maintaining objectives and technical standards;
- Working with diverse academic, cultural and ethnic backgrounds of community college students and staff. Ability to:
- Effectively communicate technical issues to diverse audiences, both in writing and verbally;
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;
- Evaluate and update and/or revise program materials;
- Learn quickly and apply knowledge to new situations;
- Handle sensitive and confidential matters, situations, and data;
- Understand and follow broad and complex instructions;
- Interact positively with staff, the Board, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service;
- Work independently and prioritize multiple tasks and adapt to needed changes.
تفاصيل الوظيفة
- منطقة الوظيفة
- المملكة العربية السعودية
- قطاع الشركة
- خدمات تكنولوجيا المعلومات
- طبيعة عمل الشركة
- صاحب عمل (القطاع الخاص)
- الدور الوظيفي
- تكنولوجيا المعلومات
- نوع التوظيف
- دوام كامل
- الراتب الشهري
- غير محدد
- عدد الوظائف الشاغرة
- 1
المرشح المفضل
- عدد سنوات الخبرة
- الحد الأدنى: 2
- الشهادة
- بكالوريوس/ دبلوم عالي