Information Security GRC Lead Specialist
Zakat, Tax and Customs Authority
Date: 2 weeks ago
City: Riyadh
Contract type: Full time

Purpose of Job
Jobholders at this level are experienced professionals capable of conducting work under general direction. They are primarily concerned with developing solutions to challenges that require some analysis to understand and resolve, and with addressing issues escalated from junior levels. They undertake complex operational activities, including assisting in setting information security policies and standards, developing related processes, developing information security, governance, risk and compliance programs, reviewing cybersecurity assessment results and developing the needed mitigation plans accordingly, monitoring the cybersecurity risk register, following up on implementation and recommending improvement actions, recognizing patterns and cases of non-compliance with cybersecurity policies, and identifying gaps and recommending areas of improvement.
Job Responsibilities
Information Security Governance
- Set information security policies and standards, and develop the related processes accordingly, ensuring alignment with cybersecurity regulatory requirements
- Design information security procedures and frameworks to ensure consistency in the implementation of security controls
- Develop information security, governance, risk and compliance programs for effective management of IT and security risks meeting compliance requirements
- Prepare cybersecurity awareness programs and develop an education plan, including workshops, seminars, etc., regarding standards, policies and governance processes, to foster attentiveness and knowledge of cybersecurity topics across ZATCA’s employees
- Conduct cybersecurity risk assessments to identify potential risks and related daily changes, initiating the development of the needed mitigation plan
- Develop risk mitigation and remediation plans to effectively manage risk in accordance with ZATCA’s risk appetite
- Manage cybersecurity risks and the risk register to identify, log and track potential risks, ensuring compliance with cybersecurity standards and governance policies and procedures
- Follow up on the implementation of the corresponding mitigating controls as per the set plan, ensuring the risk register is updated
- Conduct risk assessments for the non-conformities identified during security audits and recommend the needed improvement actions accordingly for protection and detection capabilities
- Perform information security audits, with semiannual assessments against NCA and annual assessments against ISO 27001, to recognize patterns and cases of non-compliance with cybersecurity policies and recommend areas of improvement accordingly
- Manage non-compliance cases, improving business processes and operations by supporting external assessments against the NCA framework
- Develop periodic report consolidating the status of information security compliance and report it with regulates (ISO 27001 & NCA)
- Follow all relevant policies, processes and standard operating procedures so that work is carried out in a controlled and consistent manner
- Help solve escalated problems and provide the needed support to the junior team to ensure work is carried out in an efficient manner
- Escalate complex problems to the relevant person to ensure cases/issues are closed properly
- Perform other duties as requested
- Train junior staff on the different job activities to ensure transfer of know-how, when applicable
- Provide clear direction, prioritize tasks, assign and delegate responsibility, and monitor the workflow of subordinates/junior staff
- Support junior staff or direct reports in order to execute their duties according to set policies and processes
Bachelor’s degree in Science in Cybersecurity or equivalent is required
Experience
A minimum of 4 years of relevant experience
Competencies
Collaboration and Communication - Developing
IT Operations Management - Proficient
Professionalism - Proficient
Project Management - Proficient
Results Oriented - Proficient
IT Compliance - Advanced
Information Security - Proficient
Customer Focus - Proficient
Enablement of Change and Innovation - Developing
Vendor Management - Proficient
Cybersecurity Incident and Investigation - Proficient