We're hiring a Cybersecurity GRC Consultant for a Saudi-based Managed Cybersecurity Services Provider, to be a milestone member of their Information Security and Compliance function for their customers.
Roles and Responsibilities
- Maintain a deep knowledge of risk mitigation principles and techniques in international risk and security standards, in order to manage compliance with such standards and regulations, including ISO 27001, ISO 27005, NCA ECC, NIST, PCI DSS, and other frameworks.
- Conduct technical risk assessments and communicate results in a clear, concise manner to various stakeholders.
- Develop cybersecurity controls and policies to support customer governance and compliance objectives.
- Support customers for cybersecurity risk assessments and collaborate with third‑party assessors on certification audits to obtain and maintain certifications.
- Assist with analysis and documentation of audit remediation actions related to security.
- Review technical design and SDLC documentation with technical experts to ensure controls and policies are implemented.
- Work as a functional consultant to implement the GRC platform.
- Provide guidance and best‑practice recommendations for the design and implementation of GRC platforms.
Requirements
Education: Bachelor’s degree in IT or a related field from an accredited university.
Technical Skillset
- At least 7 years of advanced IT experience, with a high level of information security or compliance experience.
- At least 5 years' experience in a Cybersecurity GRC role developing security policies, GRC practices, and guidelines based on best practices and industry standards.
- Hands‑on experience fulfilling the requirements of the Saudi National Cybersecurity Authority and Saudi Digital Government Authority.
- Ability to work across multiple frameworks and regulatory standards including NIST CSF, CIS20, ISO, GDPR, CCPA, NYDFS, SOX, NCA ECC and HIPAA.
- Experience with information security frameworks and standards as well as risk management processes.
- Hands‑on experience with one or more of the world’s leading GRC platforms.
- Experience performing information security audits or risk assessments.
- Expertise with security policy development, deployment, and adoption acceleration.
Soft Skillset
- Understanding and use of basic project management methodologies, including planning, managing, and maintaining complex, organization‑wide programs.
- Strong technical writing and interpersonal skills, with the ability to communicate effectively, both verbally and in writing.
- Passion for learning and researching technical skills relevant in a highly complex environment.
- Resilience and flexibility in a rapidly changing environment to explore strategies and achieve desired outcomes.
- High degree of independence, integrity, and confidentiality while delivering presentations and responding to questions.
- Highly organized and able to multi‑task, manage concurrent deadlines, and lead working groups.
- Comfortable working in cross‑functional and multidisciplinary teams.
- Mentor and coach colleagues, seeking opportunities for continuous improvement.
Certifications
- CISSP
- CISM
- CRISC
- CISA
- ISO Lead Auditor/Implementer