Qureos

Cybersecurity GRC Manager

Riyadh, Saudi Arabia

Position Overview:

We are seeking an experienced Cybersecurity GRC Manager to design, implement, and oversee SANAM’s GRC framework. The role requires aligning cybersecurity practices with national and international regulatory standards (SAMA CSF, NCA ECC, PDPL, ISO 27001, PCI DSS, NIST, etc.), conducting comprehensive risk assessments, compliance audits, gap analyses, and full-cycle framework implementations. The ideal candidate combines strategic vision with hands-on execution, ensuring that SANAM maintains a strong security posture, regulatory compliance, and stakeholder trust.

Key Responsibilities:

  • Develop, maintain, and oversee the Cyber Security framework, including processes, policies, procedures, standards, and guidelines.
  • Design, implement, and maintain risk management processes, and deliver risk-based cyber security solutions that address people, process, and technology.
  • Align cybersecurity and governance practices with national and international regulatory standards.
  • Lead the full risk assessment lifecycle for SANAM’s information assets: identification, prioritization, mitigation, and reporting.
  • Conduct comprehensive compliance audits and gap analyses.
  • Maintain and update the risk register while monitoring and reporting mitigation efforts.
  • Manage compliance with SAMA CSF, PDPL, ISO 27001, NCA ECC, PCI DSS, and other frameworks.
  • Conduct internal audits and assessments to identify gaps and ensure timely remediation.
  • Lead awareness and training programs for staff, customers, and third parties.
  • Oversee Third-Party Risk Assessments (TPRA) and vendor compliance with policies, regulations, and SLAs.
  • Manage relations with regulators, auditors, and GRC-related external stakeholders.
  • Oversee CS committee meetings and ensure structured governance reporting.
  • Lead SANAM’s representation in regulatory inspections, cybersecurity compliance assessments, and GRC-related audits, ensuring the organization demonstrates a robust posture of CS governance, risk management, and compliance.
  • Measure and report the KRIs and KPIs, and provide regular updates to the CEO and senior management.
  • Perform any additional GRC-related responsibilities as assigned to support SANAM’s evolving compliance and risk landscape.

Qualifications:

  • Saudi national (Preferred)
  • 4+ years of experience in Cybersecurity GRC within financial services, fintech, or regulated industries.
  • Proven experience in risk assessments, compliance audits, gap analyses, and full-cycle framework implementations.
  • Deep knowledge of and practical experience with frameworks and standards such as SAMA CSF, NCA ECC, and PDPL.
  • Strong understanding of governance best practices and policy development.
  • Excellent English communication skills.
  • Strong analytical, documentation, and reporting abilities.

Soft Skills:

  • Strong attention to detail and disciplined approach to compliance and governance.
  • Strategic thinker with the ability to balance regulatory requirements and business needs.
  • Exceptional communication and presentation skills for engaging senior management and regulators.
  • Resilient under pressure, particularly during audits and regulatory reviews.
  • Blend of strategic vision and hands-on execution, driving both high-level initiatives and detailed implementations.
  • Strong sense of ownership: takes initiative and responsibility for tasks and projects.

Job Type: Full-time

Application Question(s):

  • Are you a Saudi National?
  • What is your salary expectation in SAR?

Experience:

  • Cybersecurity: 4 years (Required)

License/Certification:

  • Cybersecurity Certificates (Preferred)

Location:

  • Riyadh (Preferred)

© 2025 Qureos. All rights reserved.