Cybersecurity Specialist – GRC

PSDSARC

  • Riyadh
  • Permanent
  • Full-time
  • 1 month ago
Job DescriptionResponsible for developing, implementing, and maintaining cybersecurity governance, risk management, and compliance frameworks. Ensures alignment with regulatory requirements such as NCA ECC, ISO 27001, and NIST standards, and supports internal/external audits and risk assessments.Identifies, analyzes, monitors, mitigates and manages threats and vulnerabilities to IT systems and networks.Uses defensive measures and multi-source information to report events and respond to incidents.Uses data collected from cyber defense tools to analyze events that occur within their organization to detect and mitigate cyber threats.Performs vulnerability assessments of systems and networks. Identifies where they deviate from acceptable configurations or applicable policies. Measures effectiveness ofdefense-in-depth architecture against known vulnerabilities.Conducts authorized attempts to penetrate computer systems or networks and physical premises, using realistic threat techniques, to evaluate their security and detectpotential vulnerabilities.Investigates, analyzes and responds to cybersecurity incidents.Collects and analyzes digital evidence, investigates cybersecurity incidents to derive useful information to mitigate system and network vulnerabilities.Collects and analyzes multi-source information about cybersecurity threats to develop deep understanding and awareness of cyber threats and actors’ Tactics, Techniques andProcedures (TTPs), to derive and report indicators that help organizations detect and predict cyber incidents and protect systems and networks from cyber threats.Proactively searches for undetected threats in networks and systems, identifies their Indicators of Compromise (IOCs) and recommends mitigation plans.Skills
  • Strong knowledge of ISO 27001, NIST, and NCA frameworks • Risk assessment and compliance auditing • Policy development and report writing • Excellent communication and analytical skills
  • Knowledge of network components, their operation and appropriate network security controls and methods.
  • Knowledge of the principles of cybersecurity and privacy.
  • Knowledge of cybersecurity related threats and vulnerabilities.
  • Knowledge of the likely operational impact on an organization of cybersecurity breaches
  • Knowledge of cybersecurity authentication, authorization and access control methods. Knowledge of vulnerabilities in applications and their likely impact.
  • Knowledge of cybersecurity defense and vulnerability assessment tools and their capabilities
  • Skills
  • Skill of identifying, capturing, containing and reporting malware.
  • Skill in using intrusion detection technologies to detect host and network-based intrusions.
  • Skill in determining the normal operational state for security systems and how that state is affected by change
  • Skill in evaluating the adequacy of security designs.
  • Skill in using virtual machines.
  • Skill in configuring and utilizing computer protection tools.
  • Skill in securing network communications.
  • Skill in effectively recognizing and categorizing types of vulnerabilities and associated attacks.
  • Skill in configuring and utilizing network protection components.
  • Skill in conducting cybersecurity audits or reviews of technical systems.
Skill in system, network and OS hardening techniquesEducationCybersecurity, Information Security, Computer Science or relative degree.

PSDSARC