Technology Risk And Cybersecurity GRC Senior Specialist

Job description / Role

Job description

We are seeking a cybersecurity GRC specialist to support our cybersecurity governance, risk, and compliance activities with strong technical expertise. The role will also oversee managed cybersecurity service providers such as managed SOC and managed email security.

Key responsibilities:

• Support the development and implementation of cybersecurity policies, standards, and compliance frameworks (ISO 27001, NIST).
• Conduct cybersecurity risk assessments and internal control reviews.
• Oversee and manage cybersecurity service providers (managed SOC, managed email security).
• Monitor vendor performance and validate service levels (SLAs/KPIs).
• Coordinate cybersecurity audits and support audit readiness.
• Follow up on incident response and threat monitoring activities handled by service providers.
• Assist in security awareness and compliance training initiatives.
• Occasional interaction with regional cybersecurity teams and vendors is required.

Personal skills

• Bachelor's degree in computer science, cybersecurity, information technology, or a related field.
• Minimum of 3 to 6 years of experience in cybersecurity GRC roles with technical exposure.
• Good understanding of security operations, incident response, and email security technologies.
• Vendor management skills (monitoring, reporting, issue escalation).
• Strong communication skills in English (Arabic is a plus).
• Good analytical thinking and problem-solving skills.
• Experience working in a cybersecurity role within Egypt or the Middle East region is a plus.

Technical skills

• Strong understanding of cybersecurity frameworks such as ISO 27001 and NIST CSF.
• Experience managing or working closely with cybersecurity managed services providers.
• Experience with SIEM, email security, and vulnerability management tools is preferred.
• Certifications: At least two of the following certifications are required:
  • ISO 27001 Lead Implementer or Auditor
  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)
  • CISSP (Certified Information Systems Security Professional)

About the Company

Giza Systems, a leading systems integrator in the MEA region, designs and deploys industry-specific technology solutions for asset-intensive industries such as the telecoms, utilities, oil and gas, hospitality and real estate among other market sectors. We help our clients streamline their operations and businesses through our portfolio of solutions, managed services, and consultancy practice. Our team of 1000 professionals are spread throughout the region with anchor offices in Cairo, Riyadh, Dubai, Doha, Nairobi, Dar-es-Salaam, Abuja, Kampala and New Jersey, allowing us to service an ever-increasing client base in over 40 countries.