About SiFi

The Cybersecurity GRC Specialist plays a critical role in maintaining SiFi’s cybersecurity compliance posture and ensuring audit readiness across all regulatory frameworks.

This role is responsible for managing the full Governance​, Risk, and Compliance (GRC) lifecycle — including evidence management, policy governance, risk tracking, and KPI/KRI reporting — ensuring that all cybersecurity controls are measurable, defensible, and aligned with regulatory expectations.

1. Regulatory Compliance & Audit Readiness

• Maintain and manage the compliance tracker across SAMA CSF, PDPL/NDMO, and PCI-DSS
  
• Own the full evidence lifecycle: collection, validation, and documentation
  
• Ensure continuous audit readiness with traceable, control-aligned evidence
  
• Track regulatory findings and remediation plans, ensuring timely closure
  
• Provide regular compliance status reports to the CISO and relevant committees
  

2. Governance & Policy Management

• Develop and maintain cybersecurity policies, standards, and procedures
  
• Ensure documentation aligns with SiFi governance structure and regulatory expectations
  
• Manage document lifecycle (versioning, approvals, reviews)
  
• ​Map all policies and procedures to SAMA CSF controls
  

3. Cyber Risk Management

• Maintain and update the cybersecurity risk register
  
• Conduct third-party risk assessments (TPRA) and vendor due diligence
  
• Support risk reviews and reporting cycles
  
• Collaborate with Risk and Compliance teams to align enterprise risk frameworks
  

4. KPI / KRI Monitoring & Reporting

• Collect and validate cybersecurity KPIs/KRIs from relevant stakeholders
  
• Maintain a centralized KPI/KRI tracker
  
• Prepare periodic reports with trend analysis to support regulatory maturity (Level 3+)
  
• Identify and escalate performance gaps
  

Requirements

• Minimum 2 years in a dedicated Cybersecurity GRC role
  
• ​Hands-on experience with SAMA CSF compliance within regulated entities
  
• Experience in audit evidence preparation and regulatory assessments
  
• Strong background in drafting cybersecurity policies and procedures
  
• Experience using GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, etc.)
  
• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field
  
• Certifications in ISO 27001 Lead Implementer / Lead Auditor, Security+, (ISC)² CC, CGRC or CISA or CRISC
  
• ​Speaks English and Arabic
  

Preferred Qualifications

• Experience with PDPL and NDMO regulations
  
• PCI-DSS compliance exposure
  
• Knowledge of cloud security (AWS, Azure, GCP, OCI)
  
• Experience in fintech or financial services\
  
• Familiarity with frameworks like ISO 27001, NIST, COBIT