GRC Director

Job description / Role

• Assess and document the institution’s compliance and risk posture as they relate to its information assets and operating models across the business units.
• Provide highly skilled, hands-on technical and information security expertise to enhance the development and implementation of the information security management (ISMS) program. The GRC Director will be accountable for identifying, developing, and implementing the necessary controls to ensure the organization’s ISMS program remains robust and current for the firm.
• Accountable to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines.
• Operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
• Operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates.
• Setup a third-party vendor review process to ensure initial and ongoing compliance with our ISO 27001 standards.
• Improve the organization’s security posture through continuous process improvement, policies automation, testing and monitoring.
• Defines and documents business process responsibilities, ownership, exceptions and risks in a GRC tool.
• Develops reporting metrics, dashboards, and evidence artifacts, illustrating the effectiveness of the controls implemented.
• Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
• Documents and reports control failures and gaps to stakeholders.
• Provides remediation guidance and prepares management reports to track remediation activities.
• Assists other staff in the management and oversight of IT security program functions.
• Remains current on best practices and technological advancements and acts as the organization's technical resource for security assessment and ISO 27001 compliance.

Requirements

• Minimum 10+ years of Information Security GRC related experience
• Strong understanding of the ISO 27001 information security framework.
• Demonstrated experience with Information Security Risk Management Programs, specifically helping to define an IS risk register which includes identifying threats and risks to the organization.
• Skilled in identifying and measuring Key Performance Indicators and Key Risks Indicators.
• Experience managing IT security programs in cloud-centric organizations.
• Experience with key cloud providers and their respective IAM security products/solutions.
• Excellent communication and relationship management skills with business stakeholders to identify and address top security risks.
• Experience with leading discussions, establishing outcomes, and negotiate paths forward with stakeholders.
• Excellent analytical and problem-solving skills with attention to detail.
• Proficiency in project management and experience in people leadership
• Ability to evolve security strategy based on research, data, business direction, and industry trends.
• Excellent Team player.
• Able to meet timelines.

About the Company

Saudi Networkers Services, incorporated in 2001 with an aim to provide the world class business and consulting services through a combination of market insight, technical excellence and unrivalled agile methodology.

Our success stems from building strong relationships and trusted partners, which enabled us delivering exceptional services to public sector, as well as some world's leading organizations, in Telecommunication, Information Technology, Cyber Security, Banking, Energy, Utilities and various other industry arenas.

We collaborate closely, ideate that how the work gets done, while working alongside businesses to collaborate on growth and applying breakthrough innovations, that drive exponential impact, managed by teams specialized in their assigned industry sectors.