VaporVM

GRC Expert (Saudi National)

Posted: 9 hours ago

Job Description

We are seeking a highly skilled GRC Specialist to support the Governance, Risk & Compliance (GRC) initiatives for one of EY’s key clients in Riyadh. The selected candidate will play a critical role in strengthening the organization’s ISO 27001:2022 Information Security Management System (ISMS), ensuring ongoing compliance, maintaining documentation, and supporting audit readiness.

Key Responsibilities

ISO 27001 Governance & Compliance

  • Develop, review, and update ISMS policies, procedures, standards, and governance documentation.
  • Ensure alignment of all documentation and processes with ISO 27001:2022 controls and best practices.
  • Drive continuous improvement across ISMS implementations.

Risk Management

  • Conduct and support periodic risk assessments, update risk registers, and maintain security-related documentation.
  • Manage ISMS records, logs, and evidence repositories to support control validation.

Audit Preparedness

  • Lead and support the organization in internal and external ISO 27001 audits.
  • Coordinate with internal teams, external auditors, and stakeholders to provide required evidence and responses.
  • Ensure full compliance with ISO control requirements.

Reporting & Governance

  • Prepare professional governance materials including:
      • Reports & dashboards
      • Audit summaries
      • Board-level presentations
      • Compliance tracking sheets
  • Provide continuous visibility to leadership on ISMS performance and risks.

Technical Advisory

  • Provide technical input and guidance on:
      • Firewall and network security solutions
      • WAF, load balancers, and SIEM technologies
      • Windows Server & Linux environments
      • Azure/AWS/GCP cloud environments
      • Basic scripting languages (Python, PHP, JavaScript)
  • Collaborate with technical teams to validate controls, review configurations, and ensure security compliance.

Candidate Requirements

Experience

  • Minimum 8+ years of experience in Cybersecurity, GRC, and ISMS implementations.
  • Demonstrated expertise in implementing, managing, and maintaining ISO 27001 frameworks.
  • Strong background in security documentation, governance activities, and audit support.

Technical Competencies

  • Solid understanding of firewalls, WAF, SIEM platforms, and network security components.
  • Hands-on experience with Windows & Linux server environments.
  • Knowledge of cloud security principles across major cloud providers (Azure/AWS/GCP).
  • Basic programming/scripting skills (Python, PHP, JavaScript)
