Overview
GRC Consultant (Saudi National) Jobs in Riyadh, Saudi Arabia at HCLTech
Title: GRC Consultant (Saudi National)
Company: HCLTech
Location: Riyadh, Saudi Arabia
A GRC Consultant is responsible for Governance, Risk & Compliance activities: executing and supporting GRC frameworks, performing risk assessments, ensuring regulatory compliance (e.g., SAMA, NDI, NCA), and assisting in internal controls and audit activities.
This role is typically hands-on, draws on GRC / cybersecurity experience, and works closely with the Management, Audit, and Operations teams.
Key Responsibilities:
1. Governance
· Develop, implement, and maintain governance frameworks, policies, and procedures as per requirements.
· Collaborate with senior consultants on the development and implementation of policies, procedures, frameworks, etc.
· Ensure documentation, tracking, and periodic review of policies, processes, and procedures, as applicable.
· Assist in gathering and analyzing data for GRC assessments.
· Support the preparation of Audit / Assessment reports, governance documentation, and client presentations.
· Participate in client workshops and project meetings.
· Liaise with cross-functional teams (GRC, IT, Operations) to support secure and compliant business operations.
2. Risk Management
· Perform risk assessments (operational, compliance, strategic, cyber)
· Maintain risk registers, KRIs, and mitigation plans
· Monitor risk exposure and escalate critical risks
3. Compliance
· Perform assessments against cybersecurity regulations, frameworks (e.g., ISO 27001, NCA frameworks (ECC, CSCC, DCC)), and best practices.
· Ensure adherence to Saudi regulations (SAMA, CMA, NCA, etc.)
· Conduct compliance reviews, gap assessments, and control testing
4. Audits (Both Internal & External Audits)
· Review and test internal controls
· Support internal & external audits and remediation tracking
· Follow up on audit findings and the closure of issues with an agreed ETA.
· Evaluate third-party vendors for compliance with security standards and risk management requirements.
5. Reporting & Documentation
· Track and report key GRC metrics and issues to stakeholders and executive leadership.
· Maintain audit workpapers, RCMs, and evidence documentation
· Communicate findings and recommendations to stakeholders
6. Advisory & Stakeholder Support
· Provide GRC advisory to business units
· Promote risk & compliance awareness culture
· Collaborate with IT, Business & Ops teams
Minimum Requirements:
· Saudi national
· Bachelor's degree in Cybersecurity, Information Technology, or related fields.
· Minimum of 5-8 years of experience in GRC / Risk / Compliance / Audit / Internal Audits
· Strong understanding of enterprise risk management (ERM)
· Knowledge of regulatory compliance in KSA
· Analytical and problem-solving skills
· Strong documentation and reporting ability
· Stakeholder communication skills
· Familiarity with GRC tools (e.g., Archer, ServiceNow, Jira – optional)
· Certifications will be an added advantage, for example CISA, CRISC, CISM, ISO 27001, CompTIA ++, etc.
Competencies:
· Strong analytical and problem-solving skills.
· Willingness to learn and adapt in a dynamic environment.
· Effective communication skills (verbal and written).
· Attention to detail in documentation and reporting.
· Team-oriented mindset with a proactive attitude.