Cyber GRC Specialist
Cyber GRC Specialist: partner across Security, IT, Legal, and Compliance to translate risk into practical controls, drive audits, and continuously raise our security posture.
Job Summary
We are seeking a Cyber GRC Specialist to support and advance the company’s cybersecurity governance, risk management, and compliance (GRC) initiatives. The successful candidate will collaborate with Security, IT, Legal, Privacy, Compliance, and business teams to identify and manage cyber risk, implement controls, maintain compliance with applicable frameworks and regulations, and support continuous improvement of the security posture. This role requires a pragmatic, consultative approach and the ability to translate technical security concepts into business risk terms.
Key Responsibilities
Governance & Policy
Develop, maintain, and operationalize cybersecurity policies, standards, and procedures aligned with industry frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, SOC 2, PCI, relevant regional regulations).
Support security governance forums and reporting to senior leadership and stakeholders on cyber risk, control effectiveness, and remediation progress.
Collaborate with cross-functional teams to ensure security requirements are integrated into business processes, projects, and third-party relationships.
Risk Management & Assessments
Conduct and coordinate risk assessments, control gap analyses, and threat/risk modeling for systems, applications, and third-party services.
Maintain the risk register, prioritize remediation activities, and track closure of identified vulnerabilities and control deficiencies.
Perform vendor security and risk assessments; review third-party contracts and recommend appropriate security controls and contractual language.
Compliance & Audit Support
Support internal and external compliance initiatives, audits, and certifications (e.g., SOC 2, ISO 27001), including evidence collection, control testing, and remediation coordination.
Monitor regulatory and industry compliance requirements and translate obligations into practical control and process requirements across the organization.
Prepare and maintain documentation, control narratives, and artifacts required for assessments and regulatory inquiries.
Incident Response & Continuous Improvement
Participate in incident response planning and post-incident reviews; advise on control improvements and regulatory/contractual notification considerations.
Collaborate with Security Operations and IT teams to ensure controls are effectively implemented, monitored, and improved based on lessons learned and evolving threats.
Identify opportunities to automate control monitoring, reporting, and GRC workflows using GRC platforms and security tooling.
Training, Awareness & Advisory
Develop and deliver role-based security awareness, GRC guidance, and targeted training for employees, contractors, and business partners.
Provide practical, risk-based advisory to Product, Engineering, IT, and business teams on secure design, control selection, and compliance requirements.
Act as a trusted advisor for security and compliance questions related to new projects, cloud deployments, and third-party integrations.
Required Qualifications - Skills & Experience
Bachelor’s degree in Information Security, Computer Science, Cybersecurity, Risk Management, or a related field, or equivalent practical experience.
3+ years of demonstrated experience in cybersecurity GRC, risk management, compliance, or related roles within a commercial or regulated environment.
Familiarity with common cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2) and practical experience applying them.
Experience performing risk assessments, vendor/security assessments, control gap analysis, and supporting audits or certifications.
Working knowledge of cloud security concepts (AWS, Azure, GCP), identity and access management, and common security controls.
Strong written and verbal communication skills with the ability to document controls, prepare executive reports, and communicate with technical and non-technical stakeholders.
Experience with GRC platforms, ticketing systems, and security assessment tools; comfortable working in cross-functional, fast-paced environments.
Preferred Qualifications
Relevant certifications such as CISSP, CISM, CRISC, CGEIT, or certification in GRC platforms.
Experience supporting SOC 2, ISO 27001, or other compliance programs and working with external auditors.
Prior exposure to privacy and data protection requirements, and to how they interact with cybersecurity controls, is a plus.
Experience in cloud-native environments, DevSecOps practices, and automation of control monitoring is advantageous.
Work Environment & Compensation
Full-time role with a hybrid onsite/remote work model; occasional travel may be required for stakeholder meetings, audits, or vendor engagements.
Competitive salary commensurate with experience and a comprehensive benefits package, including health insurance, retirement plan options, and paid time off.
Opportunities for professional development, certification support, and career progression within Security, Compliance, and Risk functions.
Inclusive and respectful workplace culture that values diversity, equity, and work-life balance.
Department: Information Technology & Digital
Role: Cyber GRC Specialist
Locations: Dammam, Jeddah, Riyadh, Dubai, Cairo, Amman, Delhi, Lahore
About Stellar Hunters
At Stellar Hunters, we specialize in connecting businesses with transformative talent through tailored recruitment and workforce solutions. With expertise in executive search, resource augmentation, and remote team outsourcing, we deliver scalable and efficient strategies that align with your organization’s unique goals.
Our deep understanding of local markets, particularly in the GCC region, positions us as a trusted partner for businesses navigating complex talent challenges. Leveraging AI-driven processes and a network of over 3 million candidates, we are committed to accelerating your success by securing leaders and professionals who drive results.