GRC Expert

3 days ago


COGNNA

Cybersecurity • Artificial Intelligence • SaaS

COGNNA is an agentic SecOps and cybersecurity platform that uses AI-driven detection, autonomous triage, and automated response to unify security operations. It offers a cloud-delivered SaaS platform and Smart Managed SOC services (MSOC) for 24/7 monitoring, threat hunting, compliance automation, and incident containment, targeting enterprises, MSSPs, and regulated industries. COGNNA integrates asset discovery, high-fidelity detections, playbook-driven response, and audit-ready reporting to reduce alert noise, lower MTTR, and help organizations meet standards like SOC 2, PCI, HIPAA, NCA, and SAMA.

📋 Description

We are seeking a GRC Expert with 4+ years of hands-on experience to support the operation of our GRC department. This role requires a strong background in international certification frameworks (ISO 27001, SOC 2), comprehensive Risk Management experience, and specific expertise in Identity and Access Management (IAM) governance. You will be instrumental in leveraging our automated compliance platform (Vanta) to streamline evidence collection, manage audits, and ensure continuous compliance.

• Lead the preparation and execution of external audits for ISO 27001 and SOC 2 (Type 1 & 2) certifications.
• Manage compliance with local Saudi regulations, specifically NCA ECC and SAMA cybersecurity frameworks.
• Utilize the Vanta platform to map internal controls to regulatory requirements (Custom Frameworks) and automate evidence collection.
• Monitor compliance posture daily, ensuring all automated tests in Vanta are passing and remediating gaps promptly.
• Oversee the IAM lifecycle from a governance perspective, ensuring "Least Privilege" and "Need-to-Know" principles are enforced.
• Manage and execute Quarterly Access Reviews (User Access Reviews) campaigns within Vanta.
• Monitor Identity Provider (IdP) integrations (e.g., Okta, Azure AD, Google Workspace) to ensure 100% MFA adoption and timely offboarding of terminated users.
• Review and approve privileged access requests and ensure proper documentation of business needs.
• Maintain and update the organizational Risk Register.
• Conduct periodic risk assessments, identifying threats and vulnerabilities, and tracking risk treatment plans to closure.
• Perform Third-Party Risk Management (TPRM) assessments for new and existing vendors.
• Review and update information security policies and procedures annually or as needed.
• Coordinate internal audits and pre-assessments to ensure readiness for external certification bodies.
• Assist in responding to client security questionnaires and maintaining the Vanta Trust Center.
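The three IAM governance checks listed above (MFA adoption, timely offboarding of terminated users, and documented business need for privileged access) are what a quarterly access review actually verifies. The following is an added example of how a reviewer might automate those checks over an IdP user export; it is not COGNNA's or Vanta's code. The user records and HR termination list are constructed sample data, the field names (`status`, `mfa_enrolled`, `privileged`, `justification`) are assumptions rather than any real IdP's schema, and the one-day offboarding SLA is a hypothetical value a policy would set.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample data: a simplified IdP user export. Field names are
# assumptions for this example, not the schema of Okta, Azure AD or Google
# Workspace; a real review would map the IdP's export into this shape.
IDP_USERS = [
    {"email": "alice@example.com", "status": "ACTIVE", "mfa_enrolled": True,
     "privileged": True, "justification": "Production on-call engineer"},
    {"email": "bob@example.com", "status": "ACTIVE", "mfa_enrolled": False,
     "privileged": False, "justification": ""},
    {"email": "carol@example.com", "status": "ACTIVE", "mfa_enrolled": True,
     "privileged": True, "justification": ""},
    {"email": "dave@example.com", "status": "ACTIVE", "mfa_enrolled": True,
     "privileged": False, "justification": ""},
    {"email": "erin@example.com", "status": "DEPROVISIONED", "mfa_enrolled": True,
     "privileged": False, "justification": ""},
]

# Constructed HR termination feed: email -> last working day.
HR_TERMINATIONS = {
    "dave@example.com": date(2024, 5, 1),   # still ACTIVE in the IdP above
    "erin@example.com": date(2024, 4, 20),  # correctly deprovisioned
}

# Hypothetical policy values for this example.
OFFBOARDING_SLA = timedelta(days=1)   # accounts must be disabled within 1 day
REVIEW_DATE = date(2024, 5, 10)       # the day the review is run


@dataclass(frozen=True)
class Finding:
    control: str   # which control failed: MFA, OFFBOARDING or PRIVILEGED
    email: str
    detail: str


def active_users(idp_users):
    """Only ACTIVE accounts are in scope; deprovisioned ones are already closed."""
    return [u for u in idp_users if u["status"] == "ACTIVE"]


def review_access(idp_users, hr_terminations, today, sla=OFFBOARDING_SLA):
    """Return one Finding per control gap found in the active user population."""
    findings = []
    for u in active_users(idp_users):
        # Control 1: every active account must have MFA enrolled.
        if not u["mfa_enrolled"]:
            findings.append(Finding("MFA", u["email"], "active account without MFA"))
        # Control 2: terminated users must be disabled within the SLA.
        term = hr_terminations.get(u["email"])
        if term is not None and today - term > sla:
            findings.append(Finding(
                "OFFBOARDING", u["email"],
                f"terminated {term.isoformat()}, still active {(today - term).days} days later"))
        # Control 3: privileged access needs a documented business need.
        if u["privileged"] and not u["justification"].strip():
            findings.append(Finding(
                "PRIVILEGED", u["email"], "privileged access without documented business need"))
    return findings


def mfa_adoption(idp_users):
    """Fraction of active accounts with MFA enrolled (1.0 means the 100% target is met)."""
    active = active_users(idp_users)
    if not active:
        return 1.0
    return sum(1 for u in active if u["mfa_enrolled"]) / len(active)


if __name__ == "__main__":
    print(f"MFA adoption: {mfa_adoption(IDP_USERS):.0%}")
    for f in review_access(IDP_USERS, HR_TERMINATIONS, REVIEW_DATE):
        print(f"[{f.control}] {f.email}: {f.detail}")
```

On the constructed data this reports 75% MFA adoption and three findings: bob has no MFA, dave was terminated nine days ago and is still active, and carol holds privileged access with no recorded justification. The point of keeping the three controls separate is that each maps to a different remediation owner (IdP policy, HR-to-IdP offboarding automation, and the access-request approval process), which is also how the evidence would be filed against distinct ISO 27001 and SOC 2 controls.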

🎯 Requirements

• Minimum of 4 years of dedicated experience in GRC, Information Security, or IT Audit.
• Deep understanding of ISO 27001 and SOC 2 controls.
• Familiarity with NCA ECC and SAMA regulations.
• Experience with automated GRC platforms.
• Solid understanding of IAM concepts (RBAC, SSO, MFA, PAM).
• Proficiency in risk assessment methodologies (e.g., ISO 27005, NIST SP 800-30).

Certifications

• Holding at least one relevant certification is preferred (e.g., CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor).

Soft Skills

• Excellent communication skills in English (Arabic is a strong plus).
• Ability to work independently and manage multiple audit timelines simultaneously.
• Strong analytical and problem-solving skills.

🏖️ Benefits

• 💰 Competitive Package – Salary + equity options + performance incentives
• 🧘 Flexible & Remote – Work from anywhere with an outcomes-first culture
• 🤝 Team of Experts – Work with designers, engineers, and security pros solving real-world problems
• 🚀 Growth-Focused – Your ideas ship, your voice counts, your growth matters
• 🌍 Global Impact – Build products that protect critical systems and data



🇸🇦 Saudi Arabia – Remote

💰 $150M Venture Round on 2021-04

⏰ Full Time

🟡 Mid-level

🟠 Senior

🚔 Compliance
