Cybersecurity GRC Specialist – CyberArrow Platform (Saudi National)

We are seeking a Cybersecurity GRC Specialist with strong hands-on experience in the CyberArrow GRC platform to own, administer, and continuously optimize the organization’s Governance, Risk, and Compliance operations. The role focuses on ensuring alignment with Saudi NCA frameworks, regulatory requirements, and internal governance standards while enabling effective risk management and audit readiness through CyberArrow. CyberArrow hands-on experience is a must.

Location: Riyadh, Saudi Arabia
Work Conditions: On-site, Full-time

Key Responsibilities:

• CyberArrow Platform Administration & Configuration

  • Serve as the primary administrator of the CyberArrow GRC platform, managing user accounts, roles, permissions, and access controls.
  • Configure and maintain CyberArrow modules for Risk Management, Compliance, Controls, Audits, and Issues Management.
  • Customize workflows, forms, dashboards, and templates within CyberArrow to align with organizational processes.
  • Configure automated notifications, approvals, and escalation workflows in CyberArrow.
  • Ensure platform availability, data integrity, and configuration consistency.

• Risk, Control & Compliance Management

  • Manage risk registers, control libraries, and compliance mappings within CyberArrow.
  • Support and coordinate risk assessments, control testing, and issue tracking using CyberArrow workflows.
  • Track risk treatment plans and remediation actions, ensuring timely closure and management visibility.
  • Map controls and risks to Saudi NCA frameworks, ISO 27001, and other applicable regulatory standards within the platform.
  • Support internal and external audits by managing evidence repositories and audit trails in CyberArrow.

• Reporting, Metrics & Governance

  • Develop and maintain CyberArrow dashboards for KPIs, KRIs, compliance posture, and risk trends.
  • Generate and distribute risk, compliance, audit, and executive-level reports from CyberArrow.
  • Provide data-driven insights to senior management on governance maturity and risk exposure.
  • Ensure accurate and timely reporting aligned with regulatory and organizational requirements.

• Support, Training & Continuous Improvement

  • Act as first-line support for CyberArrow-related issues; log, track, and escalate incidents as required.
  • Deliver user onboarding, refresher training, and awareness sessions focused on CyberArrow usage and GRC best practices.
  • Maintain platform documentation, user guides, and SOPs.
  • Continuously assess and improve GRC processes, workflows, and platform utilization.
  • Collaborate with IT, Security, Risk, and Compliance stakeholders to gather requirements and recommend enhancements.

Required Skills & Experience:

• 5–7 years of experience in Cybersecurity GRC, IT Governance, or Risk & Compliance roles.
• Hands-on experience with CyberArrow GRC platform (administration, configuration, and reporting).
• Strong understanding of risk management methodologies, compliance and audit processes, and control frameworks.
• Practical experience with Saudi cybersecurity regulations, especially NCA frameworks.
• Strong analytical, reporting, and stakeholder communication skills.
• Ability to translate regulatory requirements into CyberArrow configurations and workflows.

Preferred Qualifications:

• Professional certifications such as CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor, or equivalent.
• Experience in regulated sectors (government, aviation, finance, critical infrastructure).
• Knowledge of ITSM processes, incident management, and cybersecurity control operations.
• Prior involvement in NCA compliance assessments or regulatory audits using GRC tools.

Language Requirements: Proficiency in Arabic may be advantageous due to the regulatory framework context.