This website uses cookies to ensure you get the best experience.

Stellar Hunters and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, that is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content
Information Technology & Digital · Multiple locations

Cyber GRC Manager

Cyber GRC Manager needed to lead risk, policy, and audits; partner with Security, IT, Legal, and Risk to mature a practical, business-focused GRC program that reduces cyber risk.

Job Summary

We are seeking a Cyber GRC Manager to lead and mature the company’s cyber governance, risk, and compliance (GRC) program. The successful candidate will partner with Security, IT, Legal, Risk, and business stakeholders to design, implement, and operate controls, policies, and risk management practices that reduce cyber risk and support business objectives. This role will own compliance initiatives, third-party risk assessments, policy lifecycle management, and metrics to drive continuous improvement across the organization.

Key Responsibilities

GRC Strategy & Program Leadership

  • Develop and evolve a risk-based cyber GRC strategy that aligns with enterprise risk appetite and business priorities.

  • Lead the GRC program, including governance forums, risk assessment cadence, control frameworks, and remediation tracking.

  • Partner with senior leadership to translate regulatory and business requirements into practical program objectives and roadmaps.

Policy, Standards & Control Management

  • Maintain and enhance information security policies, standards, and procedures; ensure clear ownership and version control across the policy lifecycle.

  • Define and maintain control objectives mapped to frameworks (e.g., NIST CSF, ISO 27001, SOC 2) and ensure consistent implementation across teams.

  • Coordinate control testing, assessments, and remediation activities with internal teams and external assessors.

Risk Assessment & Third-Party Risk Management

  • Conduct enterprise and technology risk assessments; identify, evaluate, and prioritize cyber risks and mitigation plans.

  • Own third-party risk management processes including vendor risk assessments, due diligence, contract security requirements, and ongoing monitoring.

  • Work with procurement and vendor owners to remediate deficiencies and reduce supply chain risk.

Compliance & Audit Support

  • Manage compliance programs and readiness for relevant regulations and standards (e.g., SOC 2, ISO 27001, GDPR, HIPAA where applicable).

  • Act as primary liaison for internal and external audits, prepare evidence and reporting, and coordinate remediation activities.

  • Maintain documentation and continuous evidence of controls to support attestations and regulatory reporting.

Metrics, Reporting & Continuous Improvement

  • Define and report GRC metrics and dashboards (e.g., risk posture, control maturity, remediation timelines, vendor risk status) to leadership and stakeholders.

  • Use data and trend analysis to identify program gaps, recommend improvements, and measure the effectiveness of risk reduction efforts.

  • Develop and maintain GRC playbooks, runbooks, and process documentation to enable repeatable, auditable practices.

Required Qualifications - Skills & Experience

  • Bachelor’s degree in Information Security, Cybersecurity, IT, Risk Management, or a related field, or equivalent practical experience.

  • 5+ years of hands-on experience in cyber governance, risk, and compliance, information security, or related roles.

  • Practical knowledge of common security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2) and experience mapping controls to frameworks.

  • Experience managing third-party/vendor risk assessments, contract security requirements, and remediation workflows.

  • Strong communication and stakeholder management skills with the ability to influence technical and non-technical audiences.

  • Analytical mindset with experience developing risk assessments, metrics, and executive-level reporting.

  • Familiarity with GRC platforms, risk assessment tools, ticketing systems, and common productivity software.

Preferred Qualifications

  • Relevant certifications such as CISSP, CISM, CRISC, CISA, or CDPSE preferred.

  • Experience supporting SOC 2, ISO 27001, or other third-party audits and working with external assessors.

  • Background in cloud security, identity and access management, or secure software development lifecycle practices.

  • Experience implementing or operating GRC tooling (e.g., Archer, RiskLens, OneTrust, ServiceNow GRC) is a plus.

Work Environment & Compensation

  • Full-time position with a hybrid onsite/remote model; occasional travel and after-hours engagement may be required to support assessments and incident response activities.

  • Competitive salary commensurate with experience and a comprehensive benefits package, including health insurance, retirement plan options, and paid time off.

  • Opportunities for professional development, cross-functional collaboration, and career growth within Security, IT, and Risk functions.

  • Inclusive, respectful culture that values diversity, equity, and work-life balance.

Department
Information Technology & Digital
Role
Cyber GRC Manager
Locations
Dammam, Jeddah, Riyadh, Cairo, Amman, Dubai, Delhi, Lahore
Picture of Menna Sadek
Contact Menna Sadek Talent Acquisition Consultant – Human Resources & Administration

About Stellar Hunters

At Stellar Hunters, we specialize in connecting businesses with transformative talent through tailored recruitment and workforce solutions. With expertise in executive search, resource augmentation, and remote team outsourcing, we deliver scalable and efficient strategies that align with your organization’s unique goals.

Our deep understanding of local markets, particularly in the GCC region, positions us as a trusted partner for businesses navigating complex talent challenges. Leveraging AI-driven processes and a network of over 3 million candidates, we are committed to accelerating your success by securing leaders and professionals who drive results.

Founded in 2023
Information Technology & Digital · Multiple locations

Cyber GRC Manager

Cyber GRC Manager needed to lead risk, policy, and audits; partner with Security, IT, Legal, and Risk to mature a practical, business-focused GRC program that reduces cyber risk.

Loading application form

Already working at Stellar Hunters?

Let’s recruit together and find your next colleague.

@stellarhunters.com
Applicant tracking system by Teamtailor