Lead Cybersecurity GRC Advisor
Listed on 2026-02-28
IT/Tech
Cybersecurity, IT Consultant
Our client is a Sovereign Digital Transformation Powerhouse mandated by the highest levels of the Kingdom's leadership to architect the secure digital future of Saudi Arabia. They act as the central nervous system for a multi‑billion dollar portfolio of Giga‑projects, ranging from AI‑driven smart cities to national‑scale sovereign cloud infrastructures. Unlike traditional organizations, this entity operates as a Strategic Hybrid: it possesses the agility of a global tech firm but carries the weight and security of a state institution.
They are the primary interface between innovative technology and the Kingdom's national security mandates. The work environment is characterized by high‑velocity delivery, a "Security‑by‑Design" culture, and a team composed of elite subject matter experts recruited from top‑tier global firms.
As the Lead GRC Advisor, your mission is to harmonize the Kingdom's ambitious growth with its stringent security requirements. You are the architect of the Internal Control Framework (ICF). You don't just "follow" NCA or SAMA regulations; you interpret them for complex, never‑been‑done‑before technological environments. You are a strategic enabler who ensures that security compliance becomes a competitive advantage for the Kingdom’s digital assets.
Responsibilities
- Strategic Regulatory Liaison: Act as the primary technical point of contact for the National Cybersecurity Authority (NCA) and SAMA, ensuring our client’s projects are the benchmark for national compliance.
- Risk Orchestration for Giga-Projects: Conduct end‑to‑end cyber risk modeling for massive infrastructure deployments, including IoT sensor networks for smart cities and automated transit systems.
- Governance Framework Authority: Own and evolve the Cybersecurity Management System (CSMS), aligning it with NIST CSF 2.0, ISO 27001:2022, and local ECC/CSCC mandates.
- C‑Suite Advisory: Prepare and deliver "State of the Security" briefings for the Board, translating technical vulnerabilities into business impact and capital risk.
- Third‑Party Ecosystem Governance: Manage the security vetting and continuous monitoring of a global supply chain involving the world's largest tech vendors.
- Experience: 10+ years in Cybersecurity/Risk Management, with at least 5 years in a leadership role within the Middle East or for a Fortune 500 entity.
- The "Saudi Expert": Deep, nuanced understanding of NCA‑ECC, SAMA CSF, and NDMO (Data Management) requirements is non‑negotiable.
- Certifications: Must hold CISSP and at least one GRC‑specific cert (CISM, CISA, or CRISC).
- Communication: A "Diplomat-Engineer" persona. You must be able to hold your own in a room with deeply technical coders AND in a boardroom with government ministers.
- Bilingualism: While the primary business language is English, native‑level Arabic is highly preferred for this specific sovereign‑facing role.
- 10+ years in Cybersecurity/Risk Management
- Leadership experience in the Middle East or for a Fortune 500 entity
- Deep understanding of NCA‑ECC, SAMA CSF, and NDMO requirements
- CISSP and GRC‑specific certifications
- Bilingual in English and Arabic
- Experience with IoT sensor networks and automated transit systems
- Familiarity with NIST CSF 2.0 and ISO 27001:2022
- Experience in preparing briefings for C‑Suite executives
Salary Range: SAR 52,000 – SAR 70,000 per month (Tax‑Free).
Total Comp: Includes Executive Housing, Family Schooling, and a 15‑25% Annual Performance Multiplier.
Our client is committed to diversity and inclusivity in the workplace and encourages applications from all qualified individuals.