Position Overview
Responsibilities
- Manage and maintain compliance programs across ISO 27001, SOC 2, NESA and GDPR frameworks.
- Conduct enterprise risk assessments and maintain the risk register, tracking risk treatment plans to completion.
- Coordinate internal and external audit activities, manage evidence collection and ensure timely remediation of findings.
- Develop, review and update information security policies, standards and procedures aligned with business objectives.
- Perform third‑party vendor risk assessments and manage the vendor security review lifecycle.
- Prepare compliance reports and risk dashboards for executive leadership and board‑level stakeholders.
Requirements
- 4+ years of experience in GRC, IT audit, or information security compliance roles.
- Strong working knowledge of ISO 27001, ISO 27002, SOC 2, NIST CSF and regional frameworks (NESA IAS).
- Experience managing audit cycles end‑to‑end ...