[Hiring] GRC Expert @COGNNA

Role Description

We are seeking a GRC Expert with 4+ years of hands-on experience to support the operation of our GRC department. This role requires a strong background in international certification frameworks (ISO 27001, SOC 2), comprehensive Risk Management experience, and specific expertise in Identity and Access Management (IAM) governance. You will be instrumental in leveraging our automated compliance platform (Vanta) to streamline evidence collection, manage audits, and ensure continuous compliance.

• Lead the preparation and execution of external audits for ISO 27001 and SOC 2 (Type 1 & 2) certifications.
• Manage compliance with local Saudi regulations, specifically NCA ECC and SAMA cybersecurity frameworks.
• Utilize the Vanta platform to map internal controls to regulatory requirements (Custom Frameworks) and automate evidence collection.
• Monitor compliance posture daily, ensuring all automated tests in Vanta are passing and remediating gaps promptly.

Qualifications

• Minimum of 4 years of dedicated experience in GRC, Information Security, or IT Audit.
• Deep understanding of ISO 27001 and SOC 2 controls.
• Familiarity with NCA ECC and SAMA regulations.
• Experience with automated GRC platforms.
• Solid understanding of IAM concepts (RBAC, SSO, MFA, PAM).
• Proficiency in risk assessment methodologies (e.g., ISO 27005, NIST SP 800-30).

Requirements

• Holding at least one relevant certification is preferred (e.g., CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor).

Soft Skills

• Excellent communication skills in English (Arabic is a strong plus).
• Ability to work independently and manage multiple audit timelines simultaneously.
• Strong analytical and problem-solving skills.

Benefits

• Competitive Package – Salary + equity options + performance incentives
• Flexible & Remote – Work from anywhere with an outcomes-first culture
• Team of Experts – Work with designers, engineers, and security pros solving real-world problems
• Growth-Focused – Your ideas ship, your voice counts, your growth matters
• Global Impact – Build products that protect critical systems and data