About The Company
Our client is a fast-growing technology company building digital trust infrastructure for the digital economy. Its platform enables organizations and individuals to manage, execute, and verify agreements securely and efficiently through digital signatures, digital agreements, and identity verification solutions. With strong market traction, a growing customer base, and continued investment support, the company is expanding its legal team and seeking a Legal Counsel to support its next phase of growth.
About The Role
We are seeking a highly organized and detail-oriented PKI Audit & Compliance Officer to help ensure the effectiveness, compliance, and audit readiness of digital trust and Public Key Infrastructure (PKI) services.
This role is ideal for professionals with experience in IT audit, cybersecurity compliance, risk management, governance, or regulated technology environments who enjoy working with controls, evidence, audits, and compliance frameworks. The position requires an independent mindset and the ability to assess, challenge, and improve control effectiveness while supporting business objectives.
Key Responsibilities
Compliance & Governance
- Maintain and continuously improve the compliance framework supporting PKI and digital trust services.
- Monitor and track applicable regulatory, security, privacy, and industry requirements.
- Maintain control matrices, compliance registers, remediation plans, and gap assessments.
- Ensure operational activities remain aligned with approved policies, procedures, and governance requirements.
- Support periodic reviews of policies, operational procedures, privileged roles, and access controls.
- Translate compliance requirements into practical and measurable controls.
Audit Readiness & Evidence Management
- Prepare and maintain audit-ready documentation and supporting evidence.
- Coordinate evidence collection across technology, security, operations, legal, and business teams.
- Review documentation and evidence for completeness, accuracy, and consistency.
- Maintain audit repositories, compliance trackers, and control records.
- Support internal audits, external assessments, certifications, and regulatory reviews.
- Track findings, remediation activities, ownership, timelines, and closure evidence.
Control Reviews & Assurance
- Perform periodic reviews of security, operational, and compliance controls.
- Review evidence related to certificate lifecycle activities, validation processes, privileged access, change management, incident management, vulnerability management, and monitoring activities.
- Assess control effectiveness and identify opportunities for improvement.
- Recommend corrective actions and follow through until remediation is completed.
- Help establish a proactive culture of compliance and continuous improvement.
PKI Oversight
- Review and observe sensitive PKI activities and operational ceremonies where required.
- Verify that critical cryptographic and trust-service activities are performed according to approved procedures.
- Ensure key ceremonies and other high-assurance processes are properly documented and evidenced.
- Escalate control deviations, risks, or compliance concerns when identified.
Risk Management & Reporting
- Maintain compliance calendars, risk registers, and remediation trackers.
- Support governance forums with compliance updates, metrics, and reporting.
- Monitor progress against audit findings and regulatory obligations.
- Assist with periodic reviews of cryptographic standards, certificate policies, and security requirements.
- Support management and legal stakeholders in responding to audit and regulatory requests.
What Success Looks Like
- Compliance controls remain effective, documented, and audit-ready.
- Evidence is complete, organized, and easily retrievable.
- Internal reviews identify issues before they become audit findings.
- Remediation actions are tracked and closed within agreed timelines.
- Policies, procedures, and operational practices remain aligned.
- Compliance activities enable the business while maintaining security and regulatory requirements.
Requirements
- 3 7 years of experience in IT audit, cybersecurity compliance, risk management, governance, GRC, information security, or related fields.
- Strong understanding of security controls, access management, change management, incident response, vulnerability management, logging, backup, and disaster recovery processes.
- Familiarity with regulated environments such as cybersecurity, financial services, telecommunications, digital identity, cloud services, or government sectors.
- Working knowledge of ISO 27001 and information security management practices.
- Exposure to regulatory and assurance frameworks is highly desirable.
- Basic understanding of PKI, digital certificates, certificate authorities, cryptographic key management, or digital trust services is preferred.
- Experience supporting audits, certifications, or regulatory assessments.
- Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Audit, Risk Management, Computer Science, or a related discipline.
- Professional certifications such as CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor, or equivalent are highly desirable.
- Professional proficiency in Arabic and English is preferred.
Preferred Attributes
- Strong analytical and organizational skills.
- Excellent documentation and evidence management capabilities.
- Ability to communicate effectively with technical and non-technical stakeholders.
- Independent mindset with the confidence to challenge processes constructively.
- Attention to detail and commitment to high-quality outcomes.
- Ability to balance compliance requirements with operational efficiency.
What We Offer
- Competitive salary and benefits package.
- Opportunity to work in a highly regulated and security-focused environment.
- Exposure to advanced cybersecurity and digital trust technologies.
- Professional development and certification support.
- Collaborative culture with meaningful ownership and responsibility.
- Opportunities to contribute to critical national-scale digital initiatives.