# Cybersecurity GRC Specialist

> Talent-360.me · Riyadh, Saudi Arabia · Full-time · Posted 2026-04-23

**Workplace:** On-site

**Department:** External / Clients

## Description

**About SiFi**

SiFi is a fast-growing B2B FinTech company specializing in spend management and card issuance solutions. We help companies take control of their spending, streamline expense workflows, and operate with greater efficiency.

**Role Overview**

The Cybersecurity GRC Specialist plays a critical role in maintaining SiFi’s cybersecurity compliance posture and ensuring audit readiness across all regulatory frameworks.

This role is responsible for managing the full Governance, Risk, and Compliance (GRC) lifecycle — including evidence management, policy governance, risk tracking, and KPI/KRI reporting — ensuring that all cybersecurity controls are measurable, defensible, and aligned with regulatory expectations.

**Key Responsibilities:**

**1. Regulatory Compliance & Audit Readiness**

-   Maintain and manage the compliance tracker across SAMA CSF, PDPL/NDMO, and PCI-DSS
-   Own the full evidence lifecycle: collection, validation, and documentation
-   Ensure continuous audit readiness with traceable, control-aligned evidence
-   Track regulatory findings and remediation plans, ensuring timely closure
-   Provide regular compliance status reports to the CISO and relevant committees

**2. Governance & Policy Management**

-   Develop and maintain cybersecurity policies, standards, and procedures
-   Ensure documentation aligns with SiFi governance structure and regulatory expectations
-   Manage document lifecycle (versioning, approvals, reviews)
-   Map all policies and procedures to SAMA CSF controls

**3. Cyber Risk Management**

-   Maintain and update the cybersecurity risk register
-   Conduct third-party risk assessments (TPRA) and vendor due diligence
-   Support risk reviews and reporting cycles
-   Collaborate with Risk and Compliance teams to align enterprise risk frameworks

**4. KPI / KRI Monitoring & Reporting**

-   Collect and validate cybersecurity KPIs/KRIs from relevant stakeholders
-   Maintain a centralized KPI/KRI tracker
-   Prepare periodic reports with trend analysis to support regulatory maturity (Level 3+)
-   Identify and escalate performance gaps

## Requirements

-   1 year in a dedicated Cybersecurity GRC role
-   Hands-on experience with SAMA CSF compliance within regulated entities
-   Experience in audit evidence preparation and regulatory assessments
-   Strong background in drafting cybersecurity policies and procedures
-   Experience using GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, etc.)
-   Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field
-   Certifications in ISO 27001 Lead Implementer / Lead Auditor, Security+, (ISC)² CC, CGRC or CISA or CRISC
-   Speaks English and Arabic

**Preferred Qualifications**

-   Experience with PDPL and NDMO regulations
-   PCI-DSS compliance exposure
-   Knowledge of cloud security (AWS, Azure, GCP, OCI)
-   Experience in fintech or financial services
-   Familiarity with frameworks like ISO 27001, NIST, COBIT

## Apply

[Apply at Talent-360.me](https://apply.workable.com/talent3600/j/4CD4E74233/apply)

