The Cybersecurity GRC Consultant supports the design, implementation, and continuous improvement of cybersecurity governance, risk, and compliance initiatives. The role contributes to the development of governance frameworks, policies, operating models, and regulatory compliance activities while ensuring alignment with organizational objectives and Saudi cybersecurity regulations. The consultant works closely with senior consultants, architects, and client stakeholders to deliver high-quality governance artifacts and advisory services.
Key Responsibilities
- Support the development, implementation, and maintenance of the cybersecurity governance framework, including policies, standards, procedures, and guidelines.
- Assist in designing and improving cybersecurity governance operating models, organizational structures, and RACI matrices.
- Contribute to the development and maintenance of governance-related KPIs, KRIs, dashboards, and reporting mechanisms.
- Perform governance maturity assessments, gap analyses, and benchmarking activities against industry best practices.
- Prepare governance documentation, reports, presentations, and recommendations for client review.
- Ensure governance deliverables align with Saudi regulatory requirements, including NCA ECC, CST (formerly CITC), SAMA Cybersecurity Framework, and relevant international standards such as ISO/IEC 27001 and NIST Cybersecurity Framework.
- Support governance committees, working groups, and client workshops by preparing documentation, facilitating discussions, and tracking action items.
- Collaborate with Risk Management, Compliance, Third-Party Risk Management (TPRM), Enterprise Architecture, and Security Operations teams to ensure governance activities are integrated across cybersecurity domains.
- Assist in the review and quality assurance of governance documentation and project deliverables.
- Monitor regulatory updates and industry trends to recommend improvements to governance practices.
- Provide advisory support to clients on cybersecurity governance best practices and regulatory compliance requirements.
- Contribute to knowledge sharing, documentation, and continuous improvement initiatives within the Cybersecurity GRC practice.
Qualifications
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Computer Science, or a related discipline.
- 3–7 years of experience in Cybersecurity Governance, Risk & Compliance (GRC), Information Security, or Cybersecurity Consulting.
- Experience in developing governance documentation, policies, standards, and cybersecurity frameworks.
- Familiarity with cybersecurity governance operating models and organizational structures.
- Experience supporting governance assessments, compliance initiatives, and regulatory audits.
- Knowledge of Saudi cybersecurity regulations and international security standards.
- Experience working within consulting, managed services, or large enterprise environments is preferred.
Work Conditions
Business Unit: Strategy & Transformation
Level: Mid Level
Location: Riyadh, Saudi Arabia