GRC Consultant; Compliance

Help AG is looking for an experienced GRC Consultant who is responsible for compliance management and successful alignment with national cybersecurity regulations, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) and SDAIA data governance frameworks.

This role involves conducting compliance assessments, policy assessments, developing compliance framework, evidence collection, reports and roadmaps, and advising on regulatory readiness and compliance status.

The Strategic Security Consultant will be expected to work independently and as part of a cross functional team, led by a project or program manager.

• Conduct compliance assessments aligned with local (e.g., NCA, SDAIA) and international standards, accounting for regulatory changes.

• Perform gap analyses on internal controls and external regulatory requirements.

• Review and update compliance related policies, procedures, and frameworks.

• Promote GRC objectives to foster a compliance-aware culture.

• Engage stakeholders through structured interviews and validate findings collaboratively.

• Establish workflows to track cybersecurity compliance, monitor compliance status, audit findings, and remediation efforts.

• Facilitate the evidence collection for assessments, internal and external audits etc.

• Develop gap analysis reports, mitigation plans, and resolution roadmaps.

• Define and prioritize compliance and enhancement roadmaps based on strategic goals and budget.

• Map regulatory controls to internal policies and standards for traceability and coverage.

• Currently residing in Saudi Arabia.

• Minimum of 3-5 years of working experience in the KSA market in a similar capacity.

• Hands-on working experience in relation to Compliance management, assessments and regulatory compliance.

• Excellent working knowledge of the following:
  All NCA Controls Frameworks, SDAIA Regulations, SAMA CSF, and CITC standards/ regulations/ requirements, ISO/IEC 270XX, ISO 22301, ISO/IEC 20000-1

• Hands-on experience in delivery project activities related to the above.

• Excellent consulting skills; strong customer and business focus.

• University degree in a technical subject related to IT and/or Information Security.

• Track record in implementing cybersecurity-related frameworks.

• Good communication and interpersonal skills.

• Ability to understand complex business processes and activities.

• Flexible work approach, based on the job requirements.

• Industry professional certifications such as CISSP, CISM, and CISA are desirable.

• Health insurance with one of the leading global providers for medical insurance.

• Career progression and growth through challenging projects and work.

• Employee engagement and wellness campaigns activities throughout the year.

• Excellent learning and development opportunities.

• Inclusive and diverse working environment.

• Flexible/Hybrid working environment.

• Open door policy.

Help AG is the cybersecurity arm of e& enterprise and provides leading enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& in 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor agnostic, trustworthy, independent, and maintaining its focus on all aspects of cybersecurity.

With best of breed technologies from industry-leading vendor partners, expertly qualified service delivery teams and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.