Cybersecurity GRC Specialist II

We don’t think about job roles in a traditional way. We are anti-silo. Anti-career stagnation. Anti-conventional. 

Beyond ONE is a digital services provider radically reshaping the personalised digital ecosystems of consumers in high growth markets around the world. We’re building a digital services aggregator platform, with a strong telco foundation, and a profitable growth strategy that empowers users to drive their own experience—subscribe once, source from many, and only pay for what you actually use. 

Since being founded in 2021, we’ve acquired Virgin Mobile MEA, Friendi Mobile MEA and Virgin Mobile LATAM (with 6.5 million subscribers) and 1600 dedicated  colleagues across Chile, Colombia, KSA, Kuwait, Mexico, Oman and UAE. 

To disrupt for good takes a rebellious spirit, a questioning mind and a warm heart. We really care about how to get things done and not who manages who. We benefit from our diversity, and together, we disrupt the way we and others thinkin about our lives for good.  

Do you want to exchange ideas, learn from each other and leave your mark on our journey? This is the place for you. 

Role Purpose:

• Why this role matters: The Cybersecurity GRC Specialist II plays a critical role in strengthening Beyond ONE's cybersecurity posture across all business units. Reporting into the Cybersecurity leadership, this role will drive the maturity of cybersecurity-related governance processes, risk management practices, and compliance activities. It will be instrumental in ensuring robust cybersecurity controls are properly designed, implemented, and monitored to protect our group's data, operations, and reputation. As a growing, globally oriented company, Beyond ONE requires proactive and disciplined GRC practices — and this role ensures we meet regulatory, contractual, and stakeholder expectations while enabling secure innovation.
• Why this is for you: You're a perceptive security professional who thrives in dynamic, multicultural environments. You understand the importance of translating regulatory and compliance obligations into actionable governance frameworks and can navigate complex international landscapes. You’re seeking an opportunity where you can help shape cybersecurity resilience at a global scale, collaborate with cross-functional teams, and directly influence corporate risk postures under the guidance and strategic direction of the CISO.

Key Responsibilities:

In this role you will:

• Support the development, maintenance, and continual improvement of Beyond ONE’s cybersecurity governance, risk, and compliance frameworks.
• Perform regular cyber risk assessments across business functions, identify gaps, and work with stakeholders to develop risk mitigation plans.
• Assist in the creation, maintenance, and operationalization of cybersecurity policies, standards, procedures, and guidelines.
• Oversee key cybersecurity control processes to ensure effectiveness, including monitoring compliance with internal policies and external regulatory standards (e.g., CST CRF, NCA Essential Controls, ISO 27001, NIST frameworks).
• Coordinate governance activities including internal audits, external audits, security assessments, and management reporting.
• Manage cybersecurity risk exception and waiver processes; ensure risks are properly documented and tracked to closure.
• Support business units and IT teams in compliance initiatives, including security awareness and training efforts.
• Track the cybersecurity risk register, ensuring risks are properly categorized, assessed, prioritized, and periodically reviewed.
• Monitor third-party and vendor cybersecurity risks; help assess due diligence questionnaires and security-related contractual provisions.
• Prepare and deliver regular reports and dashboards for leadership on cybersecurity risks, control status, and compliance metrics.
• Contribute to incident response processes by advising on regulatory notification requirements and post-incident compliance actions.
• Keep abreast of emerging cybersecurity regulations, frameworks, and best practices to enhance Beyond ONE's security posture.

Qualifications & Attributes

We’re seeking someone who embodies the following:

● Education:

1.  Bachelor’s degree in information security, Cybersecurity, Computer Science, Information Technology, or a related discipline.
2. (Optional but preferred) Professional certifications such as:

• ■ Certified Information Systems Auditor (CISA)
• ■ Certified Information Security Manager (CISM)
• ■ Certified in Risk and Information Systems Control (CRISC)
• ■ ISO 27001 Lead Implementer/Lead Auditor
• ■ or equivalent certifications in cybersecurity GRC.

● Experience:

• Minimum 3–5 years of hands-on experience in cybersecurity governance, risk management, or compliance roles.
• Strong experience working with cybersecurity standards, frameworks, and regulations (e.g., CST CRF, ISO 27001, NIST Cybersecurity Framework).
• Experience conducting risk assessments, controls testing, and gap analysis.
• Familiarity with security incident management and regulatory response considerations.
• Experience working in a multi-national, multi-business unit environment preferred.

● Technical Skills:

• Solid understanding of cybersecurity principles, controls, and best practices across application, network, cloud, and endpoint security domains.
• Practical knowledge of cybersecurity standards and frameworks (e.g., ISO 27001, NIST CSF, CSA).
• Hands-on experience with GRC platforms/tools (e.g., LogicGate, Archer, RiskWatch, or similar).
• Ability to develop risk metrics (KRI/KPI), dashboards, and actionable reports using tools like Excel, Power BI, or similar reporting platforms.
• Understanding of third-party risk management practices.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent written and verbal communication skills, with the ability to explain complex concepts in business-friendly language.

● Unique Attributes:

• Thrives in Ambiguity & Fast-Paced Environments.
• Demonstrated ability to own initiatives and deliver them in complex, changing, and often decentralized settings.
• Adept at navigating multi-national environments, harnessing the unique regulatory and operational nuances across GCC and LATAM markets.
• A resilient individual who can manage diverse priorities, and foster a high-trust environment rooted in ethical security practices.

What we offer:

• Rapid learning opportunities - we enable learning through flexible career paths, exposure to challenging & meaningful work that will help build and strengthen your expertise.
• Hybrid work environment - flexibility to work from home 2 days a week.
• Healthcare and other local benefits offered in market.

By submitting your application, you acknowledge and consent to the use of Greenhouse & BrightHire during the recruitment process. This may include the storage and processing of your data on servers located outside your country of residence. For further information, please contact us at dataprivacy@beyond.one.