Overview
GRC Specialist Jobs in Riyadh, Saudi Arabia at Lendo Inc.
At Lendo, we are a fast-growing FinTech company on a mission to revolutionize the financial landscape in Saudi Arabia. With our innovative digital lending platform, we empower businesses by providing fast, secure, and transparent access to finance. As we continue to expand, we are seeking a detail-oriented and knowledgeable GRC Specialist to enhance our cybersecurity program by strengthening governance, risk management, and compliance practices.
This role is pivotal in developing, implementing, and maintaining security frameworks, policies, and procedures to ensure compliance with regulatory requirements and industry standards. If you’re passionate about identifying and mitigating risks to protect organizational information assets and are ready to contribute to a robust cybersecurity strategy in a dynamic environment, we’d love to hear from you!
Key Responsibilities:
Governance:
Develop, implement, and maintain cybersecurity policies, standards, and procedures in alignment with industry frameworks.
Monitor the effectiveness of cybersecurity governance and provide regular updates to leadership.
Establish and maintain a system for tracking, reporting, and addressing policy exceptions.
Risk Management:
Conduct risk assessments to identify, analyze, and prioritize cybersecurity risks to organizational assets.
Collaborate with business units to design and implement effective risk mitigation plans.
Maintain a risk register and ensure continuous monitoring and reporting of risks.
Compliance:
Ensure compliance with applicable laws, regulations, and standards.
Conduct regular audits and assessments to verify adherence to internal policies and external requirements.
Act as the primary point of contact for regulatory bodies, auditors, and other third-party assessors.
Awareness and Training:
Design and deliver cybersecurity awareness and compliance training programs for employees.
Promote a culture of compliance and risk awareness across the organization.
Incident Response and Reporting:
Support incident response processes by ensuring governance and compliance aspects are addressed.
Provide guidance on documentation and reporting requirements for incidents and breaches.
Continuous Improvement:
Stay current on emerging regulatory requirements, security trends, and best practices.
Recommend and implement improvements to governance, risk, and compliance programs.
Qualifications:
Strong understanding of governance, risk management, and compliance principles.
Knowledge of information security frameworks (e.g., ISO 27001, SAMA CSF, NCA ECC, NIST CSF, COBIT, etc.).
Experience conducting risk assessments and developing mitigation plans.
Familiarity with regulatory requirements (e.g., SAMA regulations).
Proficiency in documenting policies, procedures, and reports.
Preferred Skills:
Hands-on experience with GRC tools (e.g., RSA Archer, ServiceNow GRC, MetricStream).
Knowledge of cloud security and compliance requirements.
Understanding of audit processes and methodologies.
Understanding of vulnerability management processes.
Education and Certifications:
Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
Relevant certifications such as CISA, CRISC, CGEIT, ISO 27001 Lead Implementer/Auditor, or similar are highly desirable.
Personal Attribu…
Title: GRC Specialist
Company: Lendo Inc.
Location: Riyadh, Saudi Arabia
Category: IT/Tech