We are seeking a high-caliber GRC specialist to support our diverse client portfolio. In this role, you will act as a trusted advisor, helping our clients navigate the complex intersection of global security frameworks and local regulatory requirements. You will be responsible for assessing client security postures, identifying risk, and ensuring total alignment with Saudi national regulations. This role is offered on a full-time or freelance basis.

Key Responsibilities

Provide expert guidance to clients on designing and maintaining information security management systems (ISMS).
Conduct thorough gap assessments against NCA (ECC/CSCC), SAMA, and PDPL requirements to prepare clients for external certification audits.
Facilitate risk assessment workshops, identify organizational threat vectors, and provide structured mitigation recommendations.
Author, review, and refine security policies, standards, and procedural documentation tailored to the unique business needs of our clients.
Deliver clear, high-quality, and professional reports to client leadership regarding their current compliance maturity and remediation progress.
Serve as the primary point of contact for client management teams, ensuring transparent and consistent communication regarding compliance projects.

Qualifications and Requirements

A relevant university degree.
Proven experience in GRC, cybersecurity consulting, or auditing, with a deep understanding of the Saudi regulatory landscape (NCA, PDPL, etc.).
Advanced knowledge of ISO 27001, NIST CSF, and local Saudi cybersecurity controls.
Ability to translate highly technical findings into clear, business-driven risk language for non-technical stakeholders.
Current certification as CISA, CISM, CRISC, or ISO 27001 Lead Auditor is desirable.
Strong commitment to confidentiality, ethical standards, and meticulous documentation.


Please send your CV to [email protected] with the subject “GRC Specialist”.