Qureos


GRC Cybersecurity Consultant SME (Contract)

Job Requirements

Hires in

Not specified

Employment Type

Not specified

Company Location

Not specified

Salary

Not specified

12 months renewable contract


Job Summary:

We are looking for a seasoned GRC Subject Matter Expert (SME) with strong expertise in KSA-specific cybersecurity and compliance frameworks, particularly those mandated by the National Cybersecurity Authority (NCA). The candidate will play a key role in implementing and maintaining cybersecurity governance, managing risk, and ensuring compliance with local and international regulatory standards.

Key Responsibilities:

Governance:

  • Implement and manage cybersecurity governance in alignment with the NCA Cybersecurity Framework and CSF.
  • Develop and review cybersecurity policies, procedures, and standards to ensure regulatory compliance and alignment with business objectives.
  • Support the establishment of cybersecurity roles, responsibilities, and committees as per NCA guidelines.

Risk Management:

  • Conduct regular cyber risk assessments across organizational assets and functions.
  • Implement risk treatment plans aligned with organizational risk appetite.
  • Maintain a risk register and report key risks to senior management and compliance bodies.
  • Assist in third-party/vendor risk assessments and onboarding processes in accordance with NCA requirements.

Compliance:

  • Ensure continuous compliance with NCA frameworks (GDPR, ISO 27001, NIST).
  • Lead internal and external compliance audits and readiness assessments.
  • Prepare and submit reports and evidence for regulatory audits and inspections.

Training and Awareness:

  • Design and deliver cybersecurity awareness programs as required by NCA ECC.
  • Support ongoing awareness initiatives and compliance reporting metrics.


Required Qualifications and Experience:

  • Bachelor's or Master's degree in Cybersecurity, Information Systems, Risk Management, or a related field.
  • 7 years of experience in GRC or cybersecurity compliance, preferably within the Kingdom of Saudi Arabia.
  • Strong understanding of NCA ECC, CSF, DCC, and relevant KSA regulations.
  • Familiarity with international standards such as ISO 27001, NIST, COBIT, and CIS Controls.
  • Experience with internal audits, risk assessments, and documentation as per regulatory mandates.

© 2025 Qureos. All rights reserved.