GRC Consultant

Job Category: Technical
Job Type: Full Time
Job Location: KSA

About the Role

The GRC Consultant will support Catalyic Gulf’s clients in achieving compliance with a range of KSA regulatory frameworks and global security standards. You will lead assessments, prepare documentation, drive implementation activities, and act as a key advisor to client stakeholders.

Key Responsibilities

  • Lead end-to-end GRC consulting engagements
  • Conduct compliance assessments for the following frameworks:
    • PDPL (Saudi Data Protection Law)
    • NCA ECC & CCC
    • SAMA Cyber Security Framework
    • Saudi Aramco Cybersecurity Requirements
  • Conduct gap assessments and develop implementation roadmaps
  • Prepare policies, procedures, risk assessments, and security documentation
  • Deliver workshops, awareness training, and client consultations
  • Support ISO, SOC and related security certification initiatives
  • Work with cross-functional teams to ensure smooth execution of projects
  • Maintain communication with client management and provide expert-level advice

Required Skills & Experience

  • Strong understanding of KSA’s cybersecurity regulatory landscape
  • Experience implementing ISO 27001, ISO 22301, ISO 20000, NIST CSF / 800-53
  • Strong report writing, documentation, and presentation skills
  • Ability to lead stakeholder sessions and manage multiple projects
  • Experience supporting audits (ISO, SOC 1/2, Aramco)
  • Excellent communication and professionalism

Education & Certifications (Preferred)

  • Bachelor’s or Master’s degree in Cyber Security, IT, or a related field
  • Relevant certifications preferred:
    • ISO 27001 LI/LA
    • ISO 22301 LI/LA
    • CISM, CISSP, CISA, or equivalent
