Posted 1 hour ago

Job Status: Active



Cybersecurity Specialist (Governance, Risk & Compliance)

Engineering - Telecom/Technology

Company: C-Selection Technologies

WebSite: Sheraton, Cairo, Egypt

Job Description: The Cybersecurity Governance, Risk, and Compliance (GRC) Specialist is responsible for the development and maintenance of the organization’s cybersecurity policies, ensuring adherence to regulatory mandates, conducting comprehensive risk assessments, and overseeing third-party security evaluations. This position is critical to aligning the organization with relevant national and international cybersecurity frameworks, including NCA ECC, SAMA CSF, ISO 27001, and NIST.

**Key Responsibilities:**

**Governance & Compliance:**

* Develop, review, and maintain cybersecurity policies, standards, and procedures in accordance with **NCA guidelines**, **ISO 27001**, and **NIST** frameworks.
* Ensure institutional compliance with Saudi Arabian cybersecurity regulations, encompassing the **NCA Essential Cybersecurity Controls**, the **SAMA Cybersecurity Framework**, and other pertinent standards.
* Conduct periodic **gap assessments** and propose remedial actions to guarantee ongoing compliance.

**Risk Management:**

* Perform thorough cybersecurity **risk assessments** to identify vulnerabilities, threats, and control deficiencies.
* Maintain and update the organization’s **risk register**, tracking the progress of mitigation strategies.
* Collaborate with IT and business units to effectively implement **risk treatment plans**.

**Audit & Internal Reviews:**

* Audit the implementation and efficacy of established cybersecurity policies and procedures.
* Conduct **internal compliance reviews** and report findings to senior management.
* Coordinate with **internal and external auditors** during cybersecurity audits and manage the follow-up on corrective actions.

**Awareness & Training:**

* Develop and deliver comprehensive **cybersecurity awareness programs** for all personnel.
* Conduct **role-based security training** for IT and business users.
* Promote a **security-conscious culture** through workshops, phishing simulations, and e-learning modules.
* Monitor and report on training participation and **compliance rates**.

**Incident Response & Regulatory Reporting:**

* Provide support in **incident response** activities, focusing on compliance and documentation requirements.
* Prepare and submit **regulatory compliance reports** as required by relevant bodies (e.g., NCA, SAMA).
* Maintain comprehensive documentation to satisfy **audit and legal** requirements.

Skills:

Education:

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field.

Certificates:

  • CRISC – Certified in Risk and Information Systems Control
  • ISO 27001 Lead Auditor
  • Certified Ethical Hacker (CEH)
  • CompTIA PenTest+

Experience:

  • 2 to 5 years of hands-on experience in cybersecurity governance, compliance, or risk management.

Technical Skills:

  • Strong knowledge of cybersecurity governance, risk management, and compliance standards.
  • Proficiency in conducting gap analyses, risk assessments, and developing remediation plans.
  • Familiarity with third-party risk management and vendor security assessments.
  • Strong analytical thinking and ability to recommend practical solutions.
  • Excellent reporting and communication skills in English and Arabic.
  • Attention to detail and documentation accuracy.

Soft Skills:

  • Excellent problem-solving and analytical skills.
  • Strong communication and teamwork abilities.
  • Ability to work under pressure and meet tight deadlines when needed.
  • Commitment to continuous learning of both technical know-how and personal skills.