Job Description

Cybersecurity & Compliance Consultant - SAMA, NCA ECC, ISO 27001, BCM

--------------------------------------------------------------------------

Location:

Cairo - Egypt

Employment Type:

Full-Time

Reporting to:

Cybersecurity Consulting Director

Company:

Confidential Saudi Cybersecurity Consultancy (Financial, Fintech & Critical Infrastructure)

Role Summary

We are seeking a

Senior Cybersecurity & Compliance Consultant

with strong hands-on experience delivering SAMA Cybersecurity Framework, NCA Essential Cybersecurity Controls (ECC), ISO 27001, and Business Continuity Management (BCM) services.


The consultant will lead regulatory assessments, multi-phase implementation programs, governance design, policy development, technical control validation, and closure of audit findings for regulated Saudi entities. The role also includes client-facing consulting, pre-sales support, solution design, and post-sales delivery, with eligibility for performance-based bonuses linked to sales contribution.

Core Responsibilities

Cybersecurity, GRC & Compliance Delivery

Lead full SAMA CSF assessments including maturity scoring, evidence review, control validation, remediation planning, and executive dashboards. Conduct NCA ECC compliance assessments, including technical control validation, policy reviews, and alignment with cloud and security architectures. Perform ISO 27001 ISMS gap assessments, documentation development, internal audits, certification readiness, and risk treatment planning. Deliver BCM / ISO 22301 services including BIAs, risk assessments, RTO/RPO definition, DR testing, and resilience program design. Conduct detailed gap analysis sessions with technical and operational teams. Review and validate cybersecurity controls such as IAM, network security, monitoring, incident response, logging, disaster recovery, and cloud security. Design and develop governance documentation including policies, procedures, standards, baselines, guidelines, and SOPs. Lead workshops, awareness sessions, tabletop exercises, resilience drills, and certification readiness workshops. Prepare executive and board-level presentations summarizing risks, gaps, and cybersecurity priorities.

Engagement, Client Management & Commercial Support

Client-Facing Responsibilities

Lead end-to-end consulting engagements and manage scope, timelines, and deliverables. Conduct stakeholder interviews, steering committee briefings, and management reporting. Provide strategic cybersecurity and compliance advisory aligned with Saudi regulatory requirements. Support clients during audits, regulatory inspections, and compliance reviews.

Pre-Sales & Sales Support

Participate in scoping calls and requirements analysis with prospective clients. Support proposal development, method statements, and technical/commercial documentation. Present solution approaches, methodologies, and engagement plans during pre-sales meetings. Assist in positioning cybersecurity and compliance services to banks, fintechs, SMEs, and critical infrastructure entities. Contribute to upsell opportunities including follow-up assessments, governance enhancements, and extended compliance programs.

Post-Sales & Implementation Responsibilities

Guide client teams in implementing cybersecurity and governance controls. Track remediation progress and validate closure of gaps through evidence review. Support ISMS and BCMS implementation, SOP establishment, and operationalization. Conduct readiness assessments and validation testing prior to certification or regulatory review. Review deliverables produced by junior consultants and ensure quality and regulatory alignment. Maintain consistent use of consulting templates, frameworks, and methodologies.

Key Deliverables

SAMA CSF, NCA ECC, ISO 27001, and BCM assessment reports. Governance documentation including policies, procedures, standards, and baselines. Remediation plans, audit closure evidence, ISMS and BCMS documentation. Executive summaries, maturity dashboards, and risk heatmaps. DR test results, BCM exercise reports, and ISMS internal audit reports.

Qualifications & Experience

Technical Requirements

Strong, proven knowledge of: + SAMA Cybersecurity Framework (mandatory)
+ NCA Essential Cybersecurity Controls
+ ISO 27001 (mandatory)
+ BCM / ISO 22301 (highly preferred)
Solid understanding of enterprise security controls and governance documentation.

Professional Experience

6-12+ years of experience in cybersecurity, GRC, BCM, or audit. Mandatory consulting experience with direct client interaction and delivery. Preferred experience in regulated sectors such as banking, fintech, telecom, or energy.

Preferred Certifications

ISO 27001 Lead Implementer / Lead Auditor ISO 22301 Lead Implementer / Lead Auditor CISSP, CISM, CRISC CompTIA Security+, cloud or NIST-related certifications (plus)

Competencies & Behavioral Skills

Strong analytical skills and ability to translate regulatory requirements into actionable plans. Excellent documentation, reporting, and presentation skills. Confident client handling and senior stakeholder engagement. Structured, professional, and business-oriented consulting mindset. Strong time management and ability to manage multiple remote engagements. Sales-oriented mindset with willingness to support revenue growth.

Engagement Model & Expectations

Lead multiple cybersecurity and compliance engagements concurrently. Maintain consulting quality aligned with Big-4 standards. Contribute to internal knowledge base, methodologies, and templates. Support both delivery and sales functions. * Operate independently in a fully remote environment with high accountability.