Job Description

Date Posted:

14 November, 2025

Industry:

IT Services and IT Consulting

Location:

VAPORVM IT SERVICES DMCC

:

--------------------

- GRC Consultant (Saudi National)

=====================================================

Overview

------------



We are seeking a highly qualified

GRC Consultant

under our

staff augmentation model

to support the Governance, Risk & Compliance (GRC) scope for one of EY's clients in Riyadh. The resource will play a key role in strengthening the client's ISO 27001 Information Security Management System (ISMS), ensuring compliance, and preparing for audits.

Key Responsibilities

------------------------

ISO 27001 Governance & Compliance

Develop, review, and update ISO 27001-related

policies, procedures, and standards

covering governance, risk management, and cybersecurity compliance. Ensure alignment of documentation with ISO 27001:2022 requirements and best practices.

Risk Management & Documentation

Conduct and support

risk assessments

, maintain risk registers, and prepare documentation in accordance with ISO 27001 controls. Maintain and update ISMS-related records, logs, reports, and evidence repositories.

Audit Support & Readiness

Prepare the organization for

internal and external audits

, ensuring full compliance with ISO 27001 requirements. Coordinate with internal stakeholders and audit teams to provide required documentation and responses.

Reporting & Governance Material

Develop

reports, dashboards, presentations, and board-level materials

to support cybersecurity governance and ongoing ISO-related initiatives.

Technical Advisory

Provide technical input relating to: + Firewall and Network Security
+ WAF, Load Balancers, SIEM solutions
+ Windows Server & Linux environments
+ Cloud environments (Azure/AWS/GCP), scripting (Python, PHP, JavaScript)
Work closely with technical teams to validate controls, security configurations, and compliance readiness.

Candidate Requirements

--------------------------

Experience

8+ years

of hands-on experience in cybersecurity and GRC projects. Proven experience in

implementing, managing, or maintaining ISO 27001 ISMS

, including documentation and audit support.

Technical Skills

Strong technical understanding of: + Firewalls, WAF, SIEM tools
+ Load balancing technologies
+ Windows & Linux server environments
+ Cloud infrastructure security
+ Basic scripting/programming knowledge (Python, PHP, JavaScript)