Cybersecurity Governance, Risk, and Compliance (GRC) Officer

The Cybersecurity Governance, Risk, and Compliance (GRC) Officer is responsible for developing, implementing, and continuously enhancing the organization’s cybersecurity governance framework and overall security strategy. The role ensures alignment with business objectives and regulatory mandates, oversees enterprise-wide risk management, manages compliance with national and industry regulations (including SAMA CSF and PCI DSS), and leads internal and external audits. The officer also provides regular reporting to executive leadership and the Board, ensuring the company maintains a strong, resilient, and compliant security posture across governance, risk, compliance, and assurance functions.

Tasks and Responsibilities

• Develop, implement, and continuously improve the Information Security Governance framework, policies, standards, and procedures.
• Lead the development and execution of the Cybersecurity Strategy in alignment with the company’s business goals.
• Provide regular cybersecurity posture reports to the Board of Directors and executive management.
• Establish and manage a cybersecurity metrics and KPI program to measure program effectiveness and track progress.
• Oversee the information security budget and ensure effective allocation of resources.
• Design and manage a comprehensive enterprise-wide Cybersecurity Risk Management program.
• Conduct regular risk assessments and Business Impact Analyses (BIA) to identify, analyze, and evaluate information security risks.
• Facilitate risk treatment planning with business and technology owners, ensuring appropriate mitigation, acceptance, or transfer.
• Manage vendor risk, including assessing the security posture of third-party vendors, cloud providers, and payment partners.
• Integrate risk management requirements into SDLC and change management processes.
• Act as the primary point of contact and subject matter expert for all regulatory cybersecurity examinations and audits (e.g., SAMA, CMA).
• Ensure continuous compliance with SAMA CSF, PCI DSS, and all relevant regulatory frameworks and standards.
• Manage regulatory licensing and certification requirements related to cybersecurity.
• Prepare and submit regulatory reports, evidence packages, questionnaires, and compliance documentation in a timely manner.
• Monitor and interpret regulatory changes and proactively advise the business on required updates.
• Manage all internal and external cybersecurity audits, including coordination, evidence collection, and follow-up.
• Develop and maintain a robust control testing and assurance program to validate the effectiveness of security controls.
• Oversee the remediation of all audit and assessment findings, ensuring they are resolved permanently.

What We Offer You

• We have an inclusive and diverse culture that encourages innovation and flexibility in remote, in-office, and hybrid work setups.
• We offer highly competitive compensation packages, including the potential for shares.
• We prioritize personal development and offer regular training and an annual learning stipend to tackle new challenges and grow your career in a hyper-growth environment.
• Join a talented team of over 30 nationalities working in 7 countries and gain valuable experience in an exciting industry.
• We offer autonomy, mentoring, and challenging goals that create incredible opportunities for both you and the company.
• You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best.