Cybersecurity GRC Consultant

About the role

We are seeking a highly experienced Cybersecurity Governance, Risk and Compliance (GRC) Consultant to operationalise and mature the GRC function of one of Saudi Arabia’s largest banks. The consultant will work directly with the bank’s CISO, Audit Committee and senior leadership to ensure regulatory compliance and a robust cybersecurity posture.

Key responsibilities

• Review, update and align all cybersecurity GRC policies, standards, procedures, frameworks and control documentation with internal policies, regulatory requirements and industry best practices.
• Conduct comprehensive compliance and maturity assessments against frameworks such as SAMA CSF, NCA ECC, SWIFT CSP, ISO 27001, PCI DSS, fraud risk management requirements, threat intelligence frameworks and DORA.
• Identify compliance gaps, control deficiencies and process inefficiencies to improve audit readiness, evidence management and regulatory reporting.
• Perform enterprise‑wide cybersecurity risk assessments and prioritize findings based on business impact, regulatory exposure and control effectiveness.
• Develop and implement a remediation and compliance improvement roadmap with clear timelines, ownership and measurable outcomes.
• Streamline and automate compliance processes, including evidence collection, control validation, workflow management, exception tracking and monitoring.
• Establish centralized compliance reporting and dashboards for executive management, the Board, internal audit and regulators.

Required profile

• Proven experience in cybersecurity GRC within a highly regulated banking environment.
• Hands‑on experience collaborating with internal audit teams, external regulators and senior executives.
• Ability to translate strategic GRC objectives into measurable, automated processes.
• Strong knowledge of Saudi regulatory frameworks and international standards.
• Experience conducting enterprise‑wide risk assessments and leading remediation initiatives.

Required skills

• SAMA CSF
• NCA ECC
• SWIFT CSP
• ISO 27001
• PCI DSS
• DORA
• Fraud risk management frameworks
• Threat intelligence frameworks