Linkedprime
Novelus

Cybersecurity GRC Consultant

Posted: 18 hours ago

Job Description

We are seeking a proactive and detail-oriented Cybersecurity Governance, Risk, Compliance (GRC) & Awareness Consultant to join one of our clients in KSA and strengthen their corporate security framework. This role is central to developing robust policies, ensuring compliance with standards, and cultivating a security-aware culture across the organization.

Key Responsibilities:

1. Cybersecurity Governance, Policy & Planning

  • Policy Development: Develop, update, and maintain comprehensive security policies, procedures, and standards aligned with corporate and regulatory requirements.
  • Framework Management: Develop and mature the cybersecurity corporate governance framework to align with the overall cybersecurity management operating model.
  • Strategic Planning: Review and update critical cybersecurity plans, including the Cybersecurity Incident Response Plan (CSIRP) and the Minimum Security Baselines.
  • Access Review: Participate in periodic user reviews within the scope of access and permissions management to ensure the principle of least privilege is maintained.
  • Performance Measurement: Develop and track Key Performance Indicators (KPIs) to effectively measure progress and efficacy in implementing the overall security strategy.

2. Gap Assessments & Compliance

  • Gap Analysis: Conduct regular gap assessments to analyze the current state of cybersecurity governance and identify areas for improvement against relevant national and international standards (e.g., NCA, ISO 27001, NIST).

3. Security Awareness & Training

  • Program Management: Review and update the annual cybersecurity awareness plan covering all categories of employees, including customized content for leadership and sensitive departments.
  • Campaign Execution: Conduct periodic awareness campaigns utilizing various channels (internal announcements, brochures, awareness screens, email, etc.).
  • Training & Workshops: Organize and conduct specialized workshops and training sessions in cooperation with the HR Department.
  • Testing & Reporting: Conduct simulated cybersecurity attack tests (e.g., phishing campaigns) and meticulously analyze the results.
  • Awareness Reporting: Submit periodic reports detailing participation rates, measured awareness levels, and areas requiring improvement in the training program.

Required Qualifications and Experience

  • Experience: 3+ years of dedicated experience in cybersecurity governance, implementing controls, and developing/managing awareness campaigns.
  • Regional Experience: Practical experience operating within the Kingdom of Saudi Arabia (KSA) is mandatory.
  • Language: Arabic speaking is mandatory for effective communication and development of localized policies and awareness material.
  • Technical Knowledge: Strong understanding of security principles, control frameworks (e.g., NIST, ISO 27001), and the lifecycle of security policy and procedure development.

Desired Certifications (Highly Recommended)

  • ISC2 Certified Information Systems Security Professional (CISSP)
  • ISACA Certified Information Security Manager (CISM)
  • ISO 27001 Lead Implementer/Auditor
