Cybersecurity & Compliance Consultant

New Cairo, Egypt (Hybrid)

Cybersecurity & Compliance Consultant – SAMA, NCA ECC, ISO 27001, BCM

Location: Cairo – Egypt
Employment Type: Full-Time
Reporting to: Cybersecurity Consulting Director
Company: Confidential Saudi Cybersecurity Consultancy (Financial, Fintech & Critical Infrastructure)

Role Summary

We are seeking a Senior Cybersecurity & Compliance Consultant with strong hands-on experience delivering SAMA Cybersecurity Framework, NCA Essential Cybersecurity Controls (ECC), ISO 27001, and Business Continuity Management (BCM) services.

The consultant will lead regulatory assessments, multi-phase implementation programs, governance design, policy development, technical control validation, and closure of audit findings for regulated Saudi entities. The role also includes client-facing consulting, pre-sales support, solution design, and post-sales delivery, with eligibility for performance-based bonuses linked to sales contribution.

Core Responsibilities

Cybersecurity, GRC & Compliance Delivery

  • Lead full SAMA CSF assessments including maturity scoring, evidence review, control validation, remediation planning, and executive dashboards.
  • Conduct NCA ECC compliance assessments, including technical control validation, policy reviews, and alignment with cloud and security architectures.
  • Perform ISO 27001 ISMS gap assessments, documentation development, internal audits, certification readiness, and risk treatment planning.
  • Deliver BCM / ISO 22301 services including BIAs, risk assessments, RTO/RPO definition, DR testing, and resilience program design.
  • Conduct detailed gap analysis sessions with technical and operational teams.
  • Review and validate cybersecurity controls such as IAM, network security, monitoring, incident response, logging, disaster recovery, and cloud security.
  • Design and develop governance documentation including policies, procedures, standards, baselines, guidelines, and SOPs.
  • Lead workshops, awareness sessions, tabletop exercises, resilience drills, and certification readiness workshops.
  • Prepare executive and board-level presentations summarizing risks, gaps, and cybersecurity priorities.

Engagement, Client Management & Commercial Support

Client-Facing Responsibilities

  • Lead end-to-end consulting engagements and manage scope, timelines, and deliverables.
  • Conduct stakeholder interviews, steering committee briefings, and management reporting.
  • Provide strategic cybersecurity and compliance advisory aligned with Saudi regulatory requirements.
  • Support clients during audits, regulatory inspections, and compliance reviews.

Pre-Sales & Sales Support

  • Participate in scoping calls and requirements analysis with prospective clients.
  • Support proposal development, method statements, and technical/commercial documentation.
  • Present solution approaches, methodologies, and engagement plans during pre-sales meetings.
  • Assist in positioning cybersecurity and compliance services to banks, fintechs, SMEs, and critical infrastructure entities.
  • Contribute to upsell opportunities including follow-up assessments, governance enhancements, and extended compliance programs.

Post-Sales & Implementation Responsibilities

  • Guide client teams in implementing cybersecurity and governance controls.
  • Track remediation progress and validate closure of gaps through evidence review.
  • Support ISMS and BCMS implementation, SOP establishment, and operationalization.
  • Conduct readiness assessments and validation testing prior to certification or regulatory review.
  • Review deliverables produced by junior consultants and ensure quality and regulatory alignment.
  • Maintain consistent use of consulting templates, frameworks, and methodologies.

Key Deliverables

  • SAMA CSF, NCA ECC, ISO 27001, and BCM assessment reports.
  • Governance documentation including policies, procedures, standards, and baselines.
  • Remediation plans, audit closure evidence, ISMS and BCMS documentation.
  • Executive summaries, maturity dashboards, and risk heatmaps.
  • DR test results, BCM exercise reports, and ISMS internal audit reports.

Qualifications & Experience

Technical Requirements

  • Strong, proven knowledge of:
    • SAMA Cybersecurity Framework (mandatory)
    • NCA Essential Cybersecurity Controls
    • ISO 27001 (mandatory)
    • BCM / ISO 22301 (highly preferred)
  • Solid understanding of enterprise security controls and governance documentation.

Professional Experience

  • 6–12+ years of experience in cybersecurity, GRC, BCM, or audit.
  • Mandatory consulting experience with direct client interaction and delivery.
  • Preferred experience in regulated sectors such as banking, fintech, telecom, or energy.

Preferred Certifications

  • ISO 27001 Lead Implementer / Lead Auditor
  • ISO 22301 Lead Implementer / Lead Auditor
  • CISSP, CISM, CRISC
  • CompTIA Security+, cloud or NIST-related certifications (plus)

Competencies & Behavioral Skills

  • Strong analytical skills and ability to translate regulatory requirements into actionable plans.
  • Excellent documentation, reporting, and presentation skills.
  • Confident client handling and senior stakeholder engagement.
  • Structured, professional, and business-oriented consulting mindset.
  • Strong time management and ability to manage multiple remote engagements.
  • Sales-oriented mindset with willingness to support revenue growth.

Engagement Model & Expectations

  • Lead multiple cybersecurity and compliance engagements concurrently.
  • Maintain consulting quality aligned with Big-4 standards.
  • Contribute to internal knowledge base, methodologies, and templates.
  • Support both delivery and sales functions.
  • Operate independently in a fully remote environment with high accountability.
