Role Overview
The ideal candidate has deep experience in cybersecurity frameworks, risk management, regulatory
alignment, audits, policy development, and leading enterprise GRC programs.
The role includes working with government and regulated sectors, contributing to cybersecurity
posture improvement, and ensuring client compliance with international and KSA-specific
frameworks.
This position is client-facing, leadership-oriented, and requires both strategic and hands-on GRC
expertise.
Top 5 Responsibilities
1. Lead GRC engagements including cybersecurity assessments, maturity evaluations, gap
analyses, and compliance improvement roadmaps.
2. Develop and implement cybersecurity governance frameworks, policies, procedures,
and standards aligned with ISO 27001, NCA ECC/CCC, NIST CSF, COBIT, and sector-
specific mandates.
3. Conduct enterprise risk assessments, create risk treatment plans, and drive continuous
risk reduction programs with business stakeholders.
4. Manage internal/external audits and regulatory compliance initiatives, and coordinate with
client teams to ensure audit readiness and control effectiveness.
5. Provide strategic advisory on cybersecurity governance, operating models, KPIs, and
continuous improvement across government and enterprise environments.
Must-Have Technologies & Platforms Experience
(Not hands-on technical configuration, but exposure in a GRC context)
∙ SIEM / SOC Technologies: Microsoft Sentinel, Splunk, IBM QRadar
∙ Network & Security Platforms: Palo Alto, Fortinet, Cisco Security
∙ EDR/XDR Platforms: CrowdStrike, Microsoft Defender XDR
∙ Cloud Security: Microsoft Azure security controls, AWS Security Hub, CSP governance
∙ GRC Tools: RSA Archer, ServiceNow GRC, MetricStream, OneTrust
∙ Vulnerability Management: Tenable, Qualys, Rapid7
Candidates must understand control requirements, governance, integration points, reporting
outputs, and compliance mapping for these technology domains.
Nice-to-Have Technologies
∙ Knowledge of KSA-specific compliance platforms (NCA GRC portals, banking
compliance portals)
∙ Data Privacy and DLP Platforms (Microsoft Purview, Symantec, Forcepoint)
∙ DevSecOps practices and CI/CD pipeline assessments
∙ OT/ICS governance frameworks (NIST SP 800-82, IEC 62443)
Required & Preferred Certifications
Required
∙ ISO 27001 Lead Implementer (LI) or Lead Auditor (LA)
∙ CGRC (formerly CAP) or equivalent risk-focused certification
∙ CISM or CISSP (one required for Lead level)
Preferred / Strong Plus
∙ SABSA Foundation or Practitioner
∙ COBIT 2019
∙ ITIL 4 Foundation
∙ NCA-specific training (ECC/CCC/CSM)
∙ Cloud certifications: Azure Security Engineer, CCSK, CCSP
Experience Requirements
∙ 7–10 years in cybersecurity governance, compliance, and risk management roles
∙ Proven leadership in GRC project delivery with enterprise or government clients
∙ Experience with KSA regulatory frameworks, such as:
  o NCA ECC v2 / CCC
  o SAMA CSF
  o CITC / CST Regulations
  o NDMO Data Governance
∙ Experience designing cybersecurity programs and managing cross-domain teams
What We Do
SWATX was established in 2017 as an IT consulting practice. Because of the changing business environment and the growing needs of our clients, it became necessary to broaden the services SWATX could provide, so as to offer multi-disciplinary IT management consulting services and IT outsourcing under one roof.
SWATX has extended its portfolio through strategic partnerships to cover IT infrastructure and network implementation, business management tools and applications, and security solutions. We also act in a virtual CIO role as your trusted advisor, with a focus on improving processes and future growth. Since then, SWATX has started to build its own products to support small and medium enterprises in their growth through IT transformation.