Senior GRC Consultant (Cybersecurity)

We are looking for a Senior GRC Consultant with a strong consulting background and hands-on experience in Governance, Risk, and Compliance (GRC) within Saudi Arabia. The ideal candidate will have deep knowledge of Saudi cybersecurity regulations, including NCA frameworks, and proven experience in developing policies, procedures, and conducting security assessments.

This role requires strong executive reporting and presentation skills, as you will be engaging with senior stakeholders, delivering strategic cybersecurity insights, and guiding organizations through regulatory compliance.

Key Responsibilities:

✅ GRC & Compliance:

• Develop and implement cybersecurity governance frameworks, policies, and procedures aligned with NCA regulations and other Saudi cybersecurity standards.
• Conduct risk assessments, gap analyses, and compliance audits for organizations across multiple industries.
• Ensure alignment with ISO 27001, NIST, and other global best practices while integrating Saudi-specific regulatory requirements.

✅ Consulting & Assessments:

• Lead cybersecurity maturity assessments and provide remediation strategies to enhance security posture.
• Deliver tailored cybersecurity advisory services to clients, ensuring compliance with regulatory requirements.
• Support internal teams and client organizations in cyber risk management, third-party risk assessments, and incident response planning.

✅ Executive Reporting & Stakeholder Engagement:

• Provide high-level reports, presentations, and cybersecurity briefings for senior executives and board members.
• Translate complex cybersecurity risks into actionable insights for business leaders.
• Advise C-level executives on regulatory changes, risk mitigation strategies, and cybersecurity governance improvements.

Requirements:

✔️ 5+ years of experience in Cybersecurity GRC, with a proven track record in the Saudi market.

✔️ Strong understanding of Saudi cybersecurity regulations, including NCA, ECC, and other relevant frameworks.

✔️ Experience developing cybersecurity policies, procedures, and governance models.

✔️ Consulting background, preferably with a Big 4 or leading cybersecurity consulting firm.

✔️ Expertise in executive reporting, security risk assessments, and regulatory compliance.

✔️ Strong presentation, communication, and stakeholder management skills.

✔️ Relevant certifications such as CISM, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer are a plus.

If you’re a cybersecurity GRC expert with Saudi experience looking for your next opportunity, we’d love to hear from you!

Salt is acting as an Employment Business in relation to this vacancy.

Please enter your full name.

Enter a valid email address.

Upload your CV to accompany your application for this job.

Fields marked with * are required.