Information Technology Governance Manager

Title: GRC Manager

Location: Saudi Arabia (Riyadh)

Contract: 6 to 12 months (extendable)

We are seeking a GRC Manager with proven experience in the consumer finance / digital lending / fintech sector to lead technology and application governance, risk, and compliance activities. This is a hands‑on delivery role in a regulated, fast‑moving financial services environment. The successful candidate must be comfortable translating regulatory requirements into practical controls across digital platforms, not just writing policy.

• Governance & Compliance: Define and maintain technology and application GRC frameworks within a consumer finance or fintech environment; ensure compliance with Saudi regulatory and data protection requirements including SAMA, NCA, and PDPL; translate regulatory obligations into actionable technical and application controls.
• Risk Management: Conduct technology and application risk assessments, including platform and third‑party risk; maintain risk registers, remediation plans, and formal risk acceptance documentation; support regulatory inspections, internal assurance, and external audits.
• Delivery & Stakeholder Engagement: Work directly with engineering, Dev Ops, cybersecurity, product, and compliance teams; embed GRC requirements into SDLC, CI/CD, change, and release processes; challenge delivery teams where controls are weak or non‑compliant.
• Documentation & Reporting: Produce regulator‑ready policies, standards, procedures, and evidence packs; provide concise reporting to senior stakeholders on risk posture and remediation progress.

• 5+ years experience in GRC, Technology Risk, or IT Compliance.
• Direct experience in consumer finance, digital lending, BNPL, fintech, or regulated financial services.
• Hands‑on experience with application‑level and platform risk management.
• Strong working knowledge of SAMA, NCA, and PDPL requirements.
• Experience operating in contract or interim roles with minimal supervision.