Cyber Security GRC Engineer

JOB PURPOSE:

The Cybersecurity GRC Engineer plays a critical dual role in safeguarding the organization’s digital assets while advancing its cybersecurity governance maturity. This position is responsible for detecting and responding to threats, managing vulnerabilities, and maintaining core security infrastructure. Simultaneously, the role ensures alignment with regulatory standards and cybersecurity frameworks by managing risk, enforcing compliance, and supporting audit readiness. By integrating operational defense with strategic risk oversight, the engineer contributes to a secure, resilient, and regulation-compliant environment that supports business continuity and digital trust.

RESPONSIBILITIES/DUTIES

Cybersecurity Operations

• Perform root cause analysis and assist in remediation of security breaches.
• Conduct vulnerability assessments and ensure timely patching and configuration updates.
• Collaborate with IT teams to safeguard systems, networks, and cloud environments.

Governance, Risk & Compliance (GRC)

• Develop and enforce security policies, procedures, and standards aligned with ISO 27001, NIST, and internal audit requirements.
• Maintain the information security risk register and manage control assessments.
• Support third-party risk assessments and internal/external audit readiness.
• Perform risk and impact assessments for IT and business processes, proposing mitigation plans.
• Monitor compliance with data protection laws, regulatory standards, and internal controls.
• Develop cybersecurity awareness content and promote a risk-aware culture.

Security Monitoring, Metrics & Reporting

• Build dashboards and metrics for key risk indicators (KRIs) and performance indicators (KPIs).
• Provide reports on incident response, compliance gaps, and control effectiveness.
• Ensure documentation of security incidents, investigations, and preventive actions.
• Support change management processes by reviewing technical risks and security implications of system modifications.

Continuous Improvement & Research

• Stay updated on cybersecurity trends, technologies, and threat intelligence.
• Recommend tools and best practices to enhance detection, prevention, and recovery capabilities.
• Participate in cybersecurity projects, system upgrades, and cross-departmental initiatives.
• Drive maturity improvement by contributing to gap analyses, self-assessments, and capability building.

ESSENTIAL QUALIFICATIONS, KNOWLEDGE & EXPERIENCE

QUALIFICATIONS:

• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field.
• Relevant certifications such as:

o Technical Security: CompTIA Security+, CEH, eJPT, ECIR, or GIAC.

o GRC & Risk: CRISC, ISO 27001 Lead Implementer/Auditor.

• Fluent in English and Arabic, French is a plus.

KNOWLEDGE:

• Strong grasp of cybersecurity principles, risk assessment, incident response, and threat intelligence.
• Familiarity with industry frameworks: ISO 27001, NIST CSF, CIS Controls.
• Good understanding of IT infrastructure, access control, networking protocols (TCP/IP, DNS, HTTP), and Active Directory.
• Working knowledge of scripting (e.g., PowerShell, Python, Bash) is a plus.

EXPERIENCE:

• 1-3 years of experience in cybersecurity or GRC, preferably within a large or regulated organization.
• Practical involvement in security operations, compliance audits, vulnerability assessments, and control implementations.
• Experience handling internal and external assessments, including ISO audits and risk evaluations.
• Exposure to Operational Technology (OT)/IACS environments is a strong advantage.
• Experience with third-party risk management and security audits.
• Experience using security technologies: SIEM, firewalls, IDS/IPS, EDR, vulnerability management platform.

DESIRED BEHAVIORS

• Security-first mindset with a high sense of integrity, responsibility, and ethical conduct.
• Critical thinker who applies analytical skills to diagnose risks and resolve security challenges effectively.
• Detail-oriented, especially when evaluating incidents, documentation, and compliance requirements.
• Communicates with impact, able to translate technical risks into understandable business terms across all levels.
• Collaborative team player who fosters alignment between cybersecurity, IT, and business functions.
• Proactive learner who stays current with evolving threat landscapes, compliance standards, and best practices.
• Resilient and organized under pressure, capable of balancing multiple tasks while meeting deadlines.
• Persuasive and assertive, driving security adoption across the organization without compromising stakeholder relationships.
• Comfortable with ambiguity, and adaptable to evolving priorities in a dynamic cybersecurity landscape.