Cybersecurity GRC Specialist

About Tarshid:

Tarshid is the National Energy Services Company, established by the Public Investment Fund to catalyze the development of a more energy efficient Saudi Arabia. The launch of Tarshid is a result of a collaborative effort between the Ministry of Energy, Ministry of Finance and the Saudi Energy Efficiency Center. Tarshid aims to be a pioneer in the energy efficiency field and to build towards a more sustainable future. Tarshid has a mandate to develop, fund and manage impactful energy efficiency projects in government and commercial sectors that achieve significant energy savings for the Kingdom.

Job Summary:

As a Cybersecurity GRC Specialist, you will play a pivotal role in developing and overseeing the company's cybersecurity and data protection programs. You will ensure alignment with best practices, legal mandates, and regulatory standards. Your responsibilities include evaluating the implementation of security policies, conducting comprehensive risk assessments, and performing audits to mitigate vulnerabilities. Additionally, you will drive cybersecurity awareness initiatives.

Main Responsibilities:

• Assist with the development, implementation, and maintenance of cybersecurity policies, procedures, standards, and controls to ensure compliance with regulatory requirements (such as NCA Controls) and industry standards like ISO 27001.
• Monitor cybersecurity risk assessment activities to identify risks and vulnerabilities, and help prioritise treatment and remediation efforts.
• Support and conduct risk assessments, manage access controls, and implement policy changes.
• Maintain the cybersecurity risk registry and follow up on risk treatment plans and their implementation.
• Assist with compliance activities to meet all regulatory requirements.
• Develop, implement, and maintain cybersecurity KPIs and reporting processes.
• Help create cybersecurity awareness materials and deliver training sessions according to the awareness program.
• Stay informed about new threats, vulnerabilities, and best practices in cybersecurity.

Qualifications, Experience & Skills :

• 3+ years of relevant experience in cybersecurity, with demonstrated knowledge of cybersecurity concepts, terminology, and controls. Proficient in NCA requirements, risk assessment processes, and cybersecurity governance practices.
• A bachelor’s degree in Computer Science, Cybersecurity, or a related field is required. Having a master’s degree and professional certifications such as CRISK or ISO Implementer Lead is considered an advantage.
• Familiarity with the concepts of risk management, cybersecurity policies, processes, and procedures, and compliance.
• Excellent English written and verbal communication skills.
• Ability to work independently and collaboratively with others.
• Knowledge of risk management, cybersecurity policies, procedures, and compliance.
• Understanding of governance frameworks relevant to information security.
• Technical expertise in implementing and evaluating security controls.