GRC Specialist

Date: May 24, 2023

Location: Riyadh, SA

Company: Geidea

Established in 2008, Geidea epitomizes customer-focused empowerment and commercial success through continuous innovation.

Geidea makes best-in-class digital payment solutions available for all by attracting and leveraging the best creative and entrepreneurial talent in the market.

Our solutions give any business the chance to get ahead and reach for more no matter their size or maturity.

Our technology mirrors our people: smart, innovative and forward-thinking.


To maintain our competitive advantage as we grow, we are currently looking for a "Cyber Security GRC Specialist".


Candidate Profile:

  • Playing a lead role in client engagements is preferred.
  • Should be delivery-focused.
  • Sound experience in implementing an ISMS, performing internal reviews, and drafting and enforcing policies in accordance with the SAMA Cyber Security Framework, ISO 27001, and PCI DSS.
  • Sound experience in PCI DSS and SAMA Cyber Security Framework remediation and certification audits.
  • Knowledge and understanding of information security risk assessment frameworks such as SAMA, OCTAVE, COBIT, ISO 27005, and NIST SP 800-30.
  • Ability to perform internal information security reviews and face external audits.
  • Sound understanding and knowledge of firewall rules, security architecture, infrastructure, and application hardening.
  • Thorough understanding and knowledge of current industry-accepted best practices in information security.
  • Excellent communication skills and attention to detail.
  • Experience in information security and application security controls.
  • Exposure to methodologies such as OWASP is preferred.
  • Exposure to the financial sector is preferred.



Key Accountabilities:

  • Assist in the implementation of the Information Security Management System in compliance with SAMA CSF, PCI DSS, and ISO 27001 across the organization.
  • Assist in the implementation of PCI DSS compliance.
  • Assist in drafting, maintaining and enforcing policies, procedures, and controls in accordance with PCI DSS.
  • Coordinate and formulate detailed reports of ISMS internal reviews and periodic PCI DSS reviews.
  • Execute the periodic activities required to achieve PCI DSS and ISO 27001 compliance.
  • Coordinate with and assist various teams in closing the findings of ISMS internal review reports and PCI DSS gaps.
  • Assist and coordinate with various teams during the annual external PCI DSS audits.
  • Assist and support IT teams in achieving PCI DSS compliance for upcoming projects.
  • Conduct organization-wide information security awareness training.
  • Assist in security incident response and root cause analysis (RCA) activities.



Required Education - Bachelor's degree in Computer Science, Information Technology, Telecommunications, Electronics and Electrical Engineering, or any related field.

Required Work Experience -

  • Minimum 3 years' experience.

Professional Certifications

  • ISO 27001 Lead Auditor / Lead Implementer (LA/LI)
  • CEH
  • ITIL Foundation
  • CompTIA Security+
  • Firewall certifications


Required Skills/Competency-

  • ISMS implementation
  • PCI DSS implementation
  • Risk management
  • ISO 27005
  • NIST SP 800-30
  • 3PC audits


Our values guide how we think and act. They describe what we care about the most:

  • Customer first - It's embedded in our design thinking and customer service approach
  • Open - Openness allows us to constantly improve and evolve
  • Real - No jargon and no excuses!
  • Bold - Constantly challenging ourselves and our way of thinking
  • Resilient - If we fail, we bounce back stronger than before
  • Collaborative - We know that we can achieve a lot more as a team


We are changing lives by constantly striving for a better solution.