
GRC Specialist

  • On-site
    • Riyadh, Riyadh Province, Saudi Arabia

Job description

At Lendo, we are a fast-growing FinTech company on a mission to revolutionize the financial landscape in Saudi Arabia. With our innovative digital lending platform, we empower businesses by providing fast, secure, and transparent access to finance. As we continue to expand, we are seeking a detail-oriented and knowledgeable GRC Specialist to enhance our cybersecurity program by strengthening governance, risk management, and compliance practices. This role is pivotal in developing, implementing, and maintaining security frameworks, policies, and procedures to ensure compliance with regulatory requirements and industry standards. If you’re passionate about identifying and mitigating risks to protect organizational information assets and are ready to contribute to a robust cybersecurity strategy in a dynamic environment, we’d love to hear from you!

Job requirements

Key Responsibilities:

  1. Governance:

    • Develop, implement, and maintain cybersecurity policies, standards, and procedures in alignment with industry frameworks.

    • Monitor the effectiveness of cybersecurity governance and provide regular updates to leadership.

    • Establish and maintain a system for tracking, reporting, and addressing policy exceptions.

  2. Risk Management:

    • Conduct risk assessments to identify, analyze, and prioritize cybersecurity risks to organizational assets.

    • Collaborate with business units to design and implement effective risk mitigation plans.

    • Maintain a risk register and ensure continuous monitoring and reporting of risks.

  3. Compliance:

    • Ensure compliance with applicable laws, regulations, and standards.

    • Conduct regular audits and assessments to verify adherence to internal policies and external requirements.

    • Act as the primary point of contact for regulatory bodies, auditors, and other third-party assessors.

  4. Awareness and Training:

    • Design and deliver cybersecurity awareness and compliance training programs for employees.

    • Promote a culture of compliance and risk awareness across the organization.

  5. Incident Response and Reporting:

    • Support incident response processes by ensuring governance and compliance aspects are addressed.

    • Provide guidance on documentation and reporting requirements for incidents and breaches.

  6. Continuous Improvement:

    • Stay current on emerging regulatory requirements, security trends, and best practices.

    • Recommend and implement improvements to governance, risk, and compliance programs.

Qualifications:

  • Strong understanding of governance, risk management, and compliance principles.

    • Knowledge of information security frameworks (e.g., ISO 27001, SAMA CSF, NCA ECC, NIST CSF, COBIT).

  • Experience conducting risk assessments and developing mitigation plans.

  • Familiarity with regulatory requirements (e.g., SAMA regulations).

  • Proficiency in documenting policies, procedures, and reports.

Preferred Skills:

  • Hands-on experience with GRC tools (e.g., RSA Archer, ServiceNow GRC, MetricStream).

  • Knowledge of cloud security and compliance requirements.

  • Understanding of audit processes and methodologies.

  • Understanding of vulnerability management processes.

Education and Certifications:

  • Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).

  • Relevant certifications such as CISA, CRISC, CGEIT, ISO 27001 Lead Implementer/Auditor, or similar are highly desirable.

Personal Attributes:

  • Excellent organizational and time-management skills.

  • Strong analytical and problem-solving abilities.

  • Effective communication skills (Arabic and English) to present technical concepts to non-technical audiences.
