Contract Type: Full-time
Workplace type: On-site
Location: Riyadh

Job Description

About the Role

Ebryx LLC is seeking an experienced GRC Consultant to join its team in Riyadh. This full-time position requires a professional with 5-10 years of experience in cybersecurity governance, risk management, and compliance. The consultant will work with clients to enhance their security posture and achieve compliance with international standards.

Role Overview

The GRC Consultant will be responsible for assessing client security maturity, identifying risks, and implementing compliance programs. This role involves supporting regulatory and certification initiatives, developing security policies, and providing advisory services on cybersecurity best practices. Ebryx LLC is a cybersecurity services and solutions company focused on helping organizations strengthen their security and meet compliance requirements.

Key Responsibilities

  • Conducting Governance, Risk, and Compliance (GRC) assessments for clients.
  • Performing risk assessments, gap analyses, and security maturity evaluations.
  • Developing and maintaining information security policies, procedures, standards, and guidelines.
  • Supporting organizations in implementing and maintaining compliance with international standards and frameworks.
  • Assisting clients in achieving certifications and meeting regulatory compliance requirements.
  • Conducting internal audits and readiness assessments.
  • Developing risk treatment plans and tracking remediation activities.
  • Facilitating risk workshops and stakeholder meetings.
  • Preparing executive-level reports, presentations, and compliance dashboards.
  • Providing advisory services on cybersecurity governance and best practices.
  • Supporting security awareness and compliance training initiatives.
  • Coordinating with technical security teams to address identified compliance gaps.

Qualifications and Requirements

  • Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field.
  • Minimum 5 years of hands-on experience in Governance, Risk & Compliance (GRC).
  • Strong understanding of cybersecurity governance principles and risk management methodologies.
  • Experience conducting compliance assessments and security audits.
  • Excellent report writing and client communication skills.
  • Ability to engage with senior management and business stakeholders.

Preferred Experience and Skills

Hands-on experience with one or more of the following frameworks is preferred:

  • ISO/IEC 27001
  • ISO 22301
  • NIST Cybersecurity Framework (CSF)
  • PCI DSS
  • SAMA Cybersecurity Framework

Additionally, one or more of the following certifications are highly desirable:

  • ISO 27001 Lead Implementer
  • ISO 27001 Lead Auditor
  • CISA
  • CRISC
  • CISSP
  • CISM
  • CGRC (formerly CAP)
  • PCI QSA (preferred)

Strong analytical and problem-solving skills, excellent documentation and presentation abilities, client-facing consulting experience, and the ability to manage multiple projects are essential. Fluency in English is required, and Arabic language skills are a plus.

Work Environment

This is a full-time position based in Riyadh. The role offers exposure to large-scale cybersecurity and compliance programs and the opportunity to work alongside experienced cybersecurity professionals within a company that values innovation and professional development.


Requirements

  • Requires 5-10 years of experience
