Contract Type: Full-time
Workplace type: On-site
Location: Riyadh

Job Description

About the Role

Help AG is seeking an experienced GRC Consultant to join our team in Riyadh. This full-time position focuses on compliance management and ensuring alignment with national cybersecurity regulations, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) and SDAIA data governance frameworks. The role requires a professional with 5-10 years of experience in the field.

Role Context and Responsibilities

The GRC Consultant will be responsible for conducting comprehensive compliance and policy assessments, developing robust compliance frameworks, and managing evidence collection and reporting. This role involves advising on regulatory readiness and current compliance status, working both independently and collaboratively within cross-functional teams under project management guidance.

  • Conduct compliance assessments aligned with local (*, NCA, SDAIA) and international standards, adapting to regulatory changes.
  • Perform gap analyses between internal controls and external regulatory requirements.
  • Review and update compliance-related policies, procedures, and frameworks.
  • Promote GRC objectives to foster a culture of compliance awareness.
  • Engage stakeholders through structured interviews and collaboratively validate findings.
  • Establish workflows for tracking cybersecurity compliance, monitoring status, audit findings, and remediation efforts.
  • Facilitate the collection of evidence for assessments and for internal and external audits.
  • Develop gap analysis reports, mitigation plans, and resolution roadmaps.
  • Define and prioritize compliance and enhancement roadmaps based on strategic goals and budget.
  • Map regulatory controls to internal policies and standards for traceability and coverage.

Qualifications and Experience

Candidates must be currently residing in Saudi Arabia and possess a minimum of 3-5 years of relevant working experience within the KSA market. Hands-on experience in compliance management, assessments, and regulatory compliance is essential. A university degree in a technical subject related to IT and/or Information Security is required. A track record in implementing cybersecurity-related frameworks is also necessary.

  • Excellent working knowledge of NCA Controls Frameworks, SDAIA Regulations, SAMA CSF, CITC standards/regulations/requirements, ISO/IEC 270XX, ISO 22301, and ISO/IEC 20000-1.
  • Hands-on experience in delivering project activities related to the above frameworks.
  • Excellent consulting skills with a strong customer and business focus.
  • Good communication and interpersonal skills.
  • Ability to understand complex business processes and activities.
  • Flexible work approach, adaptable to job requirements.
  • Industry professional certifications such as CISSP, CISM, and CISA are desirable.

Work Environment and Benefits

This is a full-time position based in Riyadh. Help AG offers a flexible/hybrid working environment and promotes an inclusive and diverse workplace. Employees benefit from health insurance with a leading global provider, career progression opportunities through challenging projects, and excellent learning and development programs. Employee engagement and wellness activities are conducted throughout the year.

About Help AG

Help AG is the cybersecurity arm of e& enterprise, providing strategic consultancy and tailored information security solutions to leading enterprise businesses across the Middle East. Established in the region in 2004 and acquired by e& in 2020, Help AG has become a trusted IT security advisor known for its vendor-agnostic, independent approach. Leveraging best-of-breed technologies and expert service delivery teams, Help AG strengthens cyber defenses and safeguards businesses.


Requirements

  • Requires 5-10 years of experience
