
Cybersecurity GRC Consultant (KSA Residents only)

TIS

Riyadh

On-site

SAR 200,000 - 300,000

Full time

Today

Job summary

A Managed Cybersecurity Services Provider is hiring a Cybersecurity GRC Consultant to enhance their Information Security and Compliance function. The ideal candidate should possess extensive experience in risk management and cybersecurity frameworks. Responsibilities include conducting risk assessments, developing cybersecurity policies, and providing consultancy for GRC platforms. Certifications such as CISSP and CISM are preferred. This role is based in Riyadh, Saudi Arabia.

Qualifications

  • Minimum 10 years of advanced IT skills with experience in information security or compliance.
  • 8+ years as a Cybersecurity GRC Specialist developing security policies.
  • Hands-on experience with Saudi National Cybersecurity Authority requirements.

Responsibilities

  • Maintain compliance with risk and security standards.
  • Conduct technical risk assessments and communicate results.
  • Develop cybersecurity controls and policies for governance.

Skills

Risk mitigation principles
ISO standards
Cybersecurity frameworks
Technical writing
Project management methodologies

Education

Bachelor’s degree in IT or related field

Tools

GRC platforms

Job description

We're hiring a Cybersecurity GRC Consultant for a Saudi-based Managed Cybersecurity Services Provider, to be a milestone member of their Information Security and Compliance function for their customers.

Roles and Responsibilities
  • Maintain deep knowledge of risk mitigation principles and techniques and of international risk and security standards, to manage compliance with frameworks such as ISO 27001, ISO 27005, NCA ECC, NIST, PCI DSS, and others.
  • Conduct technical risk assessments and communicate results in a simple, clear, and concise manner to various communities within the organization.
  • Develop required cybersecurity controls and policies to support customer governance and compliance objectives.
  • Support customers for cybersecurity risk assessments and work closely with third‑party assessors on certification audits to obtain and/or maintain certifications.
  • Assist with analysis and documentation of audit remediation actions related to security.
  • Review technical design and SDLC documentation with technical experts to assure controls and policy implementations.
  • Act as a functional consultant to implement the GRC platform.
  • Provide guidance and share best practices for design and implementation of GRC platforms.
Qualifications

Education: Bachelor’s degree in IT or a related field from an accredited university.

Technical Skillset
  • At least 10 years of advanced IT skills with a high level of information security or compliance experience.
  • At least 8 years of experience as a Cybersecurity GRC Specialist developing security policies, GRC practices, and guidelines based on best practices and industry standards.
  • Hands‑on experience fulfilling requirements of Saudi National Cybersecurity Authority and Saudi Digital Government Authority.
  • Ability to work across multiple frameworks and regulatory standards, including NIST CSF, CIS20, ISO, GDPR, CCPA, NYDFS, SOX, NCA ECC, and HIPAA.
  • Experience with information security frameworks, standards, and risk management processes.
  • Hands‑on experience with one or more world‑leading GRC platforms.
  • Experience performing information security audit processes or risk assessments.
  • Expertise with security policy development, deployment, and adoption acceleration.
Soft Skillset
  • Demonstrates understanding and use of basic project‑management methodologies, including planning, managing, and maintaining complex, organization‑wide long‑term programs.
  • Strong technical writing and interpersonal skills with the ability to communicate effectively verbally.
  • Maintains a passion for learning and researching technical skills relevant in a highly complex environment.
  • Demonstrates resilience and flexibility in a rapidly changing environment to explore different strategies and achieve desired outcomes.
  • Possesses a high degree of independence, integrity, and confidentiality, and can independently develop and deliver presentations and respond to questions.
  • Highly organized, able to multi‑task and manage concurrent deadlines, and contribute to effective leadership of working groups.
  • Comfortable working in cross‑functional and multidisciplinary teams.
  • Mentors and coaches colleagues and seeks opportunities for continuous improvement.
Certifications
  • CISSP
  • CISM
  • CRISC
  • CISA
  • ISO Lead Auditor/Implementer