Job Description
The Ejada Cybersecurity GRC team is seeking a highly skilled Cybersecurity Governance Auditor to join our team. The Cybersecurity Governance Auditor will be responsible for evaluating and assessing our organization's cybersecurity governance framework, policies, procedures, and controls to ensure compliance with regulatory requirements, industry standards, and best practices. The Auditor will work closely with internal stakeholders and external auditors to identify areas of improvement and provide recommendations to enhance our cybersecurity posture.
Responsibilities
- Conduct audits and assessments of cybersecurity governance practices, policies, and controls to ensure alignment with regulatory requirements and industry standards for the customers.
- Evaluate the effectiveness of cybersecurity governance frameworks, including risk management processes, information security policies, and compliance programs, for Ejada clients.
- Review and assess the implementation of cybersecurity controls and safeguards to protect against threats, vulnerabilities, and cyber risks based on the policies and standards.
- Identify gaps, deficiencies, and areas of non-compliance in cybersecurity governance practices and controls and provide recommendations for remediation.
- Have experience writing technical write-ups.
- Collaborate with internal stakeholders, including IT security teams, risk management, compliance, and business units, to address audit findings and implement corrective actions.
- Coordinate and facilitate audits with external auditors, regulators, and certification bodies to validate compliance with regulatory requirements and industry standards.
- Prepare audit reports, findings, and recommendations for management review and presentation to senior leadership and governing bodies.
- Stay abreast of emerging cybersecurity threats, trends, and best practices to enhance audit methodologies and approaches.
- Provide subject matter expertise and guidance to internal teams on cybersecurity governance, risk management, and compliance matters.
- Participate in cybersecurity awareness and training initiatives to promote a culture of security awareness and compliance across the organization.
Qualifications
- Bachelor's degree in Information Security, Computer Science, Business Administration, or related field. Master's degree or professional certifications (e.g., CISA, CISSP, CISM, CRISC) preferred.
- Minimum of 5 to 10 years of experience in cybersecurity governance, risk management, compliance, or audit roles.
- Strong knowledge of cybersecurity governance frameworks, standards (e.g., NIST Cybersecurity Framework, ISO/IEC 27001), and regulations (e.g., GDPR, HIPAA, PCI DSS).
- Strong knowledge of local cybersecurity frameworks and regulations (SAMA and NCA).
- Experience conducting cybersecurity audits, assessments, and compliance reviews.
- Excellent analytical skills and attention to detail with the ability to identify and assess risks and vulnerabilities.
- Effective communication and interpersonal skills with the ability to collaborate and engage with stakeholders at all levels of the organization.
- Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
- Strong problem-solving skills and the ability to develop practical solutions to address cybersecurity governance challenges.
- Commitment to continuous learning and professional development in the field of cybersecurity governance and audit.