IT GRC Manager

Key Responsibilities

• IPO & Regulatory Compliance: Lead IT compliance gap assessments against Saudi NCA ECC, PDPL, and CMA standards. Maintain IT controls evidence for IPO audits and collaborate with auditors, legal, and finance teams to ensure compliance and timely gap closure.
• Governance & Policy: Enforce IT policies across 150+ locations, manage IT risk register, and coordinate governance reviews with CIO and CISO to align policies with security and business goals.
• Risk Management: Conduct annual and ad-hoc IT risk assessments, set risk appetites, monitor vendor risks, and implement mitigation strategies to safeguard IT assets.
• Audit & Assurance: Oversee IT audits, prepare evidence, track findings, ensure timely remediation, and report progress to the CIO.

• 5+ years in IT GRC, audit, or security compliance, with preferred experience in IPO, M&A, or regulatory listings.
• Strong knowledge of Saudi NCA ECC and PDPL compliance.
• Experience with cloud platforms (AWS, GCP) from a controls and compliance perspective.
• Skilled in managing IT governance across multi-site or multi-country environments.
• Certifications such as CISA (preferred), CRISC, or ISO 27001 Lead Auditor/Implementer required.
• Familiar with frameworks including ISO 27001, NIST CSF, COBIT, and SOC 2.
• Excellent report‑writing skills and fluency in Arabic and English.

• CISA — preferred
• CRISC
• ISO 27001 Lead Auditor or Implementer

• In-depth understanding of ISO 27001, NIST CSF, COBIT, and SOC 2 frameworks
• Capability to convert regulatory requirements into effective IT controls
• Exceptional written communication skills — reports will be submitted to the CIO, CISO, and Board members
• Fluency in both Arabic and English is mandatory