Cybersecurity GRC Consultant
IT-Security C&T
- Riyadh
- Permanent
- Full-time
IT Security C&T is continuously expanding its team of qualified professionals for a wide range of opportunities. Interested candidates are required to apply via the Career page on our website (www.itsecurityct.com).
Job Description
- Develop and maintain cybersecurity governance, risk management, and compliance frameworks, strategies, and practices.
- Collaborate with cross-functional teams to identify and assess cybersecurity risks and vulnerabilities.
- Conduct regular security assessments, risk assessments, and gap analyses to ensure compliance with industry standards, regulations, and best practices.
- Provide expert guidance in the development of policies, procedures, and controls to mitigate cybersecurity risks.
- Review and analyze security controls, processes, and technologies to identify and address any gaps or weaknesses.
- Monitor and evaluate emerging cyber threats and vulnerabilities, and recommend appropriate mitigation strategies.
- Stay abreast of changes in regulatory requirements, industry standards, and cybersecurity best practices to ensure ongoing compliance.
- Act as a subject matter expert and provide guidance to stakeholders, including management, on cybersecurity governance, risk management, and compliance matters.
- Conduct cybersecurity awareness and training programs for employees to promote a culture of security and compliance.
- Assist with incident response, investigations, and the recovery process, ensuring appropriate actions are taken to address and mitigate any security incidents.
- Bachelor’s degree in Computer Science, Information Technology, or a related field. Relevant professional certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
- Minimum 1-2 years of Cybersecurity GRC Consultant experience
- Proven experience as a Cybersecurity GRC Consultant or in a similar role, with a strong focus on governance, risk management, and compliance.
- In-depth knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, GDPR) and their practical implementation.
- Familiarity with security controls, technologies, and best practices across various domains, such as network security, application security, and data protection.
- Strong analytical and problem-solving skills, with the ability to assess risks, identify vulnerabilities, and develop effective mitigation strategies.
- Excellent communication and presentation skills, with the ability to convey complex cybersecurity concepts to stakeholders at all levels.
- Strong understanding of regulatory requirements relevant to the National Cybersecurity Authority.
- Demonstrated commitment to ongoing professional development in the field of cybersecurity.
- Native Arabic speaker with professional proficiency in English.