GRC Senior Consultant

As a Senior GRC Consultant, you will play a critical role in ensuring the effective implementation and maintenance of our cybersecurity GRC program. You will be responsible for developing and enhancing policies, procedures, and controls to mitigate risks and ensure compliance with regulatory requirements and industry best practices. This role requires a deep understanding of cybersecurity principles, risk management, and compliance frameworks, as well as excellent communication and leadership skills.

• Develop and maintain the cybersecurity governance, risk, and compliance (GRC) program, ensuring alignment with business objectives and industry standards.
• Familiar with regulatory frameworks such as SAMA CSF, NCA ECC, ISO 27001 and PCI DSS.
• Collaborate with stakeholders to identify, assess, and prioritize cybersecurity risks and develop risk mitigation strategies.
• Conduct regular risk assessments and gap analyses to identify areas of vulnerability and recommend appropriate controls and remediation measures.
• Oversee third‑party risk management activities, including conducting vendor risk assessments, evaluating security controls, and ensuring compliance with contractual obligations.
• Design and implement cybersecurity policies, standards, and procedures to ensure compliance with applicable laws, regulations, and industry frameworks (e.g., SAMA, NCA, ISO 27001 etc.).
• Monitor and enforce compliance with cybersecurity policies and procedures through regular audits, assessments, and testing.
• Provide guidance and support to internal teams on cybersecurity GRC matters, including security incident response, vendor management, and third‑party risk assessments.
• Stay up‑to‑date with the evolving threat landscape, emerging cybersecurity regulations, and industry trends to ensure the GRC program remains current and effective.
• Collaborate with internal teams to promote a culture of security awareness and provide cybersecurity training and education programs.
• Develop and maintain relationships with external stakeholders, such as auditors and regulatory bodies, to ensure compliance requirements are met.
• Prepare and present reports on cybersecurity GRC program status, key risk indicators, and compliance metrics to executive leadership and other stakeholders.

• Bachelor's degree in computer science, information systems, or a related field.
• Professional certifications such as CISA is mandatory. CISSP, CISM, CRISC, or equivalent are highly desirable.
• Proven experience (8+ years) in cybersecurity governance, risk management, and compliance roles, preferably in a senior or leadership capacity.
• Deep understanding of cybersecurity principles, risk management frameworks, and compliance standards (e.g., SAMA CSF, NCA ECC, ISO 27001, PCI DSS)
• Experience in developing and implementing cybersecurity policies, standards, and procedures.
• Familiarity with conducting risk assessments, gap analyses, and vulnerability assessments.
• Demonstrated ability to manage third‑party risk and conduct vendor risk assessments.
• Strong analytical and problem‑solving skills, with the ability to think strategically and make sound decisions.
• Excellent written and verbal communication skills, with the ability to articulate cybersecurity risks and controls effectively.
• Ability to work collaboratively in a cross‑functional team environment and influence stakeholders at all levels of the organization.
• Strong project management skills, with the ability to prioritize and manage multiple initiatives simultaneously.
• Up‑to‑date knowledge of the latest cybersecurity threats, vulnerabilities, and technologies.