GRC Expert

We are seeking a GRC Expert with 4+ years of hands‑on experience to support the operation of our GRC department. This role requires a strong background in international certification frameworks (ISO 27001, SOC 2), comprehensive risk‑management experience, and specific expertise in identity and access management (IAM) governance.

• Lead the preparation and execution of external audits for ISO 27001 and SOC 2 (Type 1 & 2) certifications
• Manage compliance with local Saudi regulations, specifically NCA ECC and SAMA cybersecurity frameworks
• Utilize the Vanta platform to map internal controls to regulatory requirements (custom frameworks) and automate evidence collection
• Monitor compliance posture daily, ensuring all automated tests in Vanta are passing and remediating gaps promptly

• Oversee the IAM lifecycle from a governance perspective, ensuring “Least Privilege” and “Need‑to‑Know” principles are enforced
• Manage and execute quarterly access review campaigns within Vanta
• Monitor IdP integrations (e.g., Okta, Azure AD, Google Workspace) to ensure 100 % MFA adoption and timely off‑boarding of terminated users
• Review and approve privileged access requests and ensure proper documentation of business needs

• Maintain and update the organizational risk register
• Conduct periodic risk assessments, identifying threats and vulnerabilities, and track risk‑treatment plans to closure
• Perform third‑party risk management (TPRM) assessments for new and existing vendors

• Review and update information‑security policies and procedures annually or as needed
• Coordinate internal audits and pre‑assessments to ensure readiness for external certification bodies
• Assist in responding to client security questionnaires and maintain the Vanta trust centre

• Minimum of 4 years dedicated experience in GRC, information security, or IT audit
• Deep understanding of ISO 27001 and SOC 2 controls
• Familiarity with NCA ECC and SAMA regulations
• Experience with automated GRC platforms
• Solid understanding of IAM concepts (RBAC, SSO, MFA, PAM)
• Proficiency in risk‑assessment methodologies (e.g., ISO 27005, NIST SP 800‑30)

• Holding at least one relevant certification is preferred (CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor)

• Excellent communication skills in English (Arabic is a strong plus)
• Ability to work independently and manage multiple audit timelines simultaneously
• Strong analytical and problem‑solving skills

• 💰
  Competitive Package – Salary + equity options + performance incentives
• 🧘
  Flexible & Remote – Work from anywhere with an outcomes‑first culture
• 🤝
  Team of Experts – Work with designers, engineers, and security pros solving real‑world problems
• 🚀
  Growth‑Focused – Your ideas ship, your voice counts, your growth matters
• 🌍
  Global Impact – Build products that protect critical systems and data

Seniority level:
Mid‑Senior level

Employment type:

Full‑time
Job function:
Other
Industries: IT Services and IT Consulting