SAUDI ONLY
Job Description: The GRC Consultant supports the delivery of Governance, Risk, and Compliance (GRC) services, assisting senior team members in executing client projects.
Responsibilities:
Assist in gathering and analyzing data for GRC assessments.
Support the preparation of assessment reports, governance documentation, and client presentations.
Lead the preparation and execution of external audits for ISO 27001 and SOC 2 (Type 1 & 2) certifications.
Manage compliance with local Saudi regulations, specifically the NCA ECC and SAMA cybersecurity frameworks, and perform assessments against other frameworks (e.g., ISO 27001, NDI Controls, and the NCA frameworks ECC, CSCC, DCC, TCC & OSMACC) and other best practices.
Collaborate with senior consultants on the development and implementation of policies, procedures, frameworks, etc.
Develop and implement policies, procedures, and controls that ensure compliance with laws, regulations, and industry standards.
Participate in client workshops and project meetings.
Liaise with cross-functional teams (GRC, IT, legal, audit, operations) to support secure and compliant business operations.
Assist in the selection and implementation of GRC software solutions to automate processes and improve reporting capabilities.
Stay informed about industry trends, regulatory changes, and emerging risks to provide proactive advice to clients.
Evaluate third-party vendors for compliance with security standards and risk management requirements.
Provide input into enterprise risk management processes from a cybersecurity perspective.
Track and report key GRC metrics and issues to stakeholders and executive leadership.
Minimum Requirements:
Bachelor's degree in Cybersecurity, Information Technology, or related fields.
Basic understanding of cybersecurity concepts, internal audit, risk management, and compliance standards, along with 5-6 years of relevant experience.
Certifications such as CISM/CISSP, CompTIA Security+, ISO 27001 Lead Implementer, SSCP & ITIL or equivalent are a plus.
Experience with GRC platforms and ITSM knowledge is a plus.
Competencies:
Strong analytical and problem-solving skills.
Effective communication skills (verbal and written).
Attention to detail in documentation and reporting.
Team-oriented mindset with a proactive attitude.