The Senior Manager - GRC Cybersecurity (Security Compliance) plays a crucial role in overseeing the organization's information security program, focusing on governance, risk management, compliance, security awareness, and policy management. The individual will ensure the company adheres to relevant regulatory, legal, and industry frameworks. Responsibilities include assessing compliance risks, preparing for audits, and collaborating across departments to maintain a strong and sustainable compliance posture.
Location: Riyadh, Saudi Arabia
Work Conditions: On-site, Full-time
Responsibilities:
- Develop, implement, and manage the organization’s Governance, Risk, and Compliance (GRC) framework aligned with regulatory requirements and industry best practices.
- Lead internal and external information security audits and coordinate with stakeholders for timely remediation of findings.
- Oversee enterprise risk management practices, including risk identification, assessment, and mitigation related to information security.
- Manage the development and maintenance of security policies, standards, and procedures.
- Serve as the primary point of contact for security compliance matters, including regulatory audits and third-party assessments.
- Collaborate with Legal, IT, Internal Audit, and Business Units to ensure consistent compliance and risk management practices.
- Monitor changes in laws, regulations, and industry standards to assess impact and ensure ongoing compliance.
- Promote a culture of security and compliance awareness through training and stakeholder engagement.
- Enforce, incorporate, and comply with necessary controls and related information security policies and procedures within departmental activities.
Qualifications:
- Preferred tertiary level qualification in Information Technology or Computer Science from an internationally recognized institution.
- Security certifications such as CISA, CRISC, COBIT, IIA, or equivalent are preferred.
- Recommended 5 to 7 years of relevant experience demonstrating competencies in Data Analytics, Data Operations, or related fields.
- Advanced experience in information security, especially in GRC-related roles, leading risk assessments, compliance efforts, and security awareness initiatives.
- Excellent communication and interpersonal skills for effective collaboration with various stakeholders.
- Advanced proficiency in conducting risk assessments, analyzing security controls, and managing policies.
Technical Competencies:
- Data Governance
- Ethical Culture
- Data Mining & Modelling
Behavioral Competencies:
- Digital Literacy
- Creative Thinking
- Communication
