
Experience: 0-1 years
Salary: not
Location: Egypt
Job Overview:
• Ensure the performance, security, and reliability of Qardy’s GRC systems and applications.
• Monitor and report on Governance and Compliance of Cybersecurity policies, procedures, applicable regulations and standards as well as Audit reports.
• Identify and document Cybersecurity related Threats, Vulnerabilities and Risks and work with the relevant Stakeholders to implement appropriate Cybersecurity controls for their mitigation.
• Develop organizational cybersecurity policies. Govern cybersecurity structures and processes, manage cyber risks and assure compliance with the organization’s cybersecurity, risk management and related legal requirements.
• Control the execution and implementation of GRC related projects.
• Guarantee Quality of Work and deliverables.
Key Responsibilities:
• Governance:
• Develop, update and maintain cybersecurity policies and procedures to support and align with the organization’s cybersecurity requirements.
• Collaborate with internal stakeholders, IT and security teams, ensuring cybersecurity policies and procedures are effectively communicated and implemented throughout the organization.
• Risk:
• Conduct Cybersecurity Risk Management, including Risk Assessments of Information assets and services.
• Develop and implement a technology risk management Framework, policies, and procedures.
• Develop, maintain and regularly update a Cybersecurity Risk Register.
• Perform and investigate internal and external information security risk and exception assessments, assessing incidents, vulnerabilities, scans, patching status, secure baselines, penetration test results, and phishing and social engineering tests and attacks.
• Work with the Risk Owners to develop remediation plans to mitigate the Risks through appropriate Cybersecurity Controls.
• Compliance:
• Perform Compliance Management for Policies, Procedures, applicable Regulations (SOC2, PCI DSS, ISO27001, etc.) as well as Standards and Audit recommendations.
• Perform Gap Analysis for the current and desired compliance status.
• Develop Corrective Action Plans for the defined gaps and key findings during internal audits and evidence validation in accordance with the relevant compliance controls.
Requirements:
• Bachelor’s Degree in Cybersecurity, Information Security, Computer Science or equivalent.
• GRC and Cybersecurity related certifications (e.g. ISO 27K LA, CISA, CRISC, CISM, etc.) would be a plus.
• Minimum 3 years of IT GRC / Cybersecurity / Information Security related work experience.
• Ability to work independently and as part of a team.
• Preparing GRC and Cybersecurity reports.