On-site Full Time
Hcltech
Saudi, Jeddah

Job Details

A GRC Consultant is responsible for Governance, Risk & Compliance activities: executing and supporting GRC frameworks, performing risk assessments, ensuring regulatory compliance (e.g., SAMA, NDI, NCA), and assisting in internal controls and audit activities. This is typically a hands-on role for someone with GRC / cybersecurity experience, working closely with Management, Audit, and Operations teams.

Key Responsibilities
1. Governance
· Develop, implement, and maintain governance frameworks, policies, and procedures as per requirements.
· Collaborate with senior consultants on the development and implementation of policies, procedures, frameworks, etc.
· Ensure documentation, tracking, and periodic review of policies, processes, and procedures as applicable.
· Assist in gathering and analyzing data for GRC assessments.
· Support the preparation of audit / assessment reports, governance documentation, and client presentations.
· Participate in client workshops and project meetings.
· Liaise with cross-functional teams (GRC, IT, Operations) to support secure and compliant business operations.

2. Risk Management
· Perform risk assessments (operational, compliance, strategic, cyber).
· Maintain risk registers, KRIs, and mitigation plans.
· Monitor risk exposure and escalate critical risks.

3. Compliance
· Perform assessments against cybersecurity regulations, frameworks (e.g., ISO 27001, NCA frameworks (ECC, CSCC, DCC)), and best practices.
· Ensure adherence to Saudi regulations (SAMA, CMA, NCA, etc.).
· Conduct compliance reviews, gap assessments, and control testing.

4. Audits (Both Internal & External Audits)
· Review and test internal controls.
· Support internal & external audits and remediation tracking.
· Follow up on audit findings and closure of issues with agreed ETA.
· Evaluate third-party vendors for compliance with security standards and risk management requirements.

5. Reporting & Documentation
· Track and report key GRC metrics and issues to stakeholders and executive leadership.
· Maintain audit workpapers, RCMs, and evidence documentation.
· Communicate findings and recommendations to stakeholders.

6. Advisory & Stakeholder Support
· Provide GRC advisory to business units.
· Promote a risk & compliance awareness culture.
· Collaborate with IT, Business & Ops teams.

Minimum Requirements:
· Saudi national
· Bachelor's degree in Cybersecurity, Information Technology, or related fields.
· Minimum experience of 5-8 years in GRC / Risk / Compliance / Audit / Internal Audits
· Strong understanding of enterprise risk management (ERM)
· Knowledge of regulatory compliance in KSA
· Analytical and problem-solving skills
· Strong documentation and reporting ability
· Stakeholder communication skills
· Familiarity with GRC tools (e.g., Archer, ServiceNow, Jira – optional)
· Certifications will be an added advantage, for example CISA, CRISC, CISM, ISO 27001, CompTIA ++, etc.

Competencies:
· Strong analytical and problem-solving skills.
· Willingness to learn and adapt in a dynamic environment.
· Effective communication skills (verbal and written).
· Attention to detail in documentation and reporting.
· Team-oriented mindset with a proactive attitude.

About Hcltech
Saudi, Jeddah
Information Technology and Services