GRC Engineer

  • Keep ISMS documentation, processes, and records up to date and audit-ready
  • Lead internal audits, compliance checks, and management reviews
  • Be our star player during ISO 27001 audits (prep, evidence, responses – you own it!)
  • Perform risk assessments across assets, vendors, and projects and maintain our risk register
  • Manage the lifecycle of nonconformities, corrective actions, and improvement efforts
  • Maintain and review the Statement of Applicability (SoA) and ensure Annex A controls are in place
  • Ensure we stay aligned with national cybersecurity standards like NCA ECC and SAMA
  • Keep our policies fresh, aligned, and accessible to the people who need them
  • Monitor GRC metrics and share smart, clear reports with leadership
  • Awareness & training campaigns to grow our culture of security

  • Bachelor’s degree in Information Security, Computer Science, or a related field
  • 2–5 years of experience in GRC, ISMS operations, information security, or compliance
  • Practical, hands-on experience with ISO/IEC 27001 (especially audits & certification maintenance)
  • Familiarity with risk management frameworks and ITIL
  • Bonus points for experience with GRC or ISMS platforms
  • Experience with awareness/training platforms
  • ISO 27001 Lead Implementer or Lead Auditor highly preferred
  • GRCA or GRCP are a definite plus!

Post date: 26 July 2025
Publisher: Wuzzuf.com