Qureos

GRC Specialist

Date Posted:
14 November, 2025
Industry:
IT Services and IT Consulting
Location:
VAPORVM IT SERVICES DMCC

Job Description – GRC Consultant (Saudi National)

Overview

We are seeking a highly qualified GRC Consultant under our staff augmentation model to support the Governance, Risk & Compliance (GRC) scope for one of EY’s clients in Riyadh. The resource will play a key role in strengthening the client’s ISO 27001 Information Security Management System (ISMS), ensuring compliance, and preparing for audits.

Key Responsibilities

ISO 27001 Governance & Compliance

  • Develop, review, and update ISO 27001–related policies, procedures, and standards covering governance, risk management, and cybersecurity compliance.
  • Ensure alignment of documentation with ISO 27001:2022 requirements and best practices.

Risk Management & Documentation

  • Conduct and support risk assessments, maintain risk registers, and prepare documentation in accordance with ISO 27001 controls.
  • Maintain and update ISMS-related records, logs, reports, and evidence repositories.

Audit Support & Readiness

  • Prepare the organization for internal and external audits, ensuring full compliance with ISO 27001 requirements.
  • Coordinate with internal stakeholders and audit teams to provide required documentation and responses.

Reporting & Governance Material

  • Develop reports, dashboards, presentations, and board-level materials to support cybersecurity governance and ongoing ISO-related initiatives.

Technical Advisory

  • Provide technical input relating to:

    • Firewall and Network Security
    • WAF, Load Balancers, SIEM solutions
    • Windows Server & Linux environments
    • Cloud environments (Azure/AWS/GCP), scripting (Python, PHP, JavaScript)
  • Work closely with technical teams to validate controls, security configurations, and compliance readiness.

Candidate Requirements

Experience

  • 8+ years of hands-on experience in cybersecurity and GRC projects.
  • Proven experience in implementing, managing, or maintaining ISO 27001 ISMS, including documentation and audit support.

Technical Skills

  • Strong technical understanding of:

    • Firewalls, WAF, SIEM tools
    • Load balancing technologies
    • Windows & Linux server environments
    • Cloud infrastructure security
    • Basic scripting/programming knowledge (Python, PHP, JavaScript)
