Qureos


Enterprise Governance, Risk & Compliance Manager


About Our Client:

Lucidya is a Saudi-based technology company that delivers an AI-powered unified customer experience platform (CXM). They specialise in social listening, sentiment analysis, omnichannel engagement, and customer feedback tools, particularly optimised for Arabic language and dialects. Serving clients across the GCC and broader MENA region, Lucidya helps brands monitor conversations, uncover insights, and act on real-time intelligence to boost their reputation, strengthen customer relationships, and drive growth.


Overview

The Enterprise GRC Manager leads the company’s integrated Governance, Risk, and Compliance (GRC) framework, ensuring all business units, systems, and processes operate with transparency, accountability, and regulatory alignment.

(Strategic & enterprise-wide role focused on GRC, legal coordination, and regulatory oversight.)


Key Responsibilities

1. Enterprise Governance

  • Establish and maintain the Enterprise Governance Framework, aligning policies, processes, and decision-making with corporate objectives.
  • Lead policy governance across departments, ensuring version control, ownership, and approval workflows.
  • Facilitate governance committees (e.g., Risk Committee, Compliance Steering Group).
  • Define Key Governance Indicators (KGIs) and performance metrics to measure organisational maturity.

2. Enterprise Risk Management

  • Develop and implement a comprehensive risk management framework across strategic, operational, financial, and compliance risks.
  • Maintain and update the Enterprise Risk Register, coordinating risk identification and mitigation.
  • Conduct risk assessments and workshops to drive accountability.
  • Lead Business Continuity Planning (BCP) and crisis management exercises.

3. Compliance & Regulatory Oversight

  • Oversee compliance with national, regional, and international requirements, including the Saudi Personal Data Protection Law (PDPL), National Cybersecurity Authority (NCA) controls, ISO standards, labour laws, financial reporting rules, and governance standards.
  • Integrate regulatory and contractual obligations into operational workflows.
  • Supervise the Data Protection & Privacy Officer (DPO) to ensure privacy alignment with overall compliance strategy.
  • Coordinate internal audits, certifications, and compliance monitoring; track remediation and improvement.
  • Maintain a Regulatory Obligations Register mapping applicable laws and standards.
  • Act as a strategic compliance advisor to department heads (Finance, HR, Operations, Product).

4. Legal & Regulatory Coordination

  • Act as liaison between Compliance, Legal, and external counsel to operationalise regulatory requirements.
  • Collaborate with Legal to review contracts, master service agreements (MSAs), and data processing agreements (DPAs) for compliance implications.
  • Coordinate company responses to client audits, regulatory inquiries, and due diligence requests.
  • Monitor evolving laws impacting SaaS, AI, and data protection, advising leadership on actions.

5. Ethics, Integrity & Internal Controls

  • Develop and oversee the Code of Conduct, whistleblowing mechanisms, and ethics awareness programs.
  • Partner with Finance and HR to strengthen internal controls and fraud prevention.
  • Support governance and ethics due diligence for vendors, partners, and acquisitions.

6. Organisational Alignment & Culture

  • Champion a risk-aware, compliance-first culture across all departments.
  • Partner with HR to deliver company-wide governance and compliance training.
  • Advise senior management to enable transparent and informed decision-making.

7. Continuous Improvement & Reporting

  • Track emerging regulations and risk trends relevant to SaaS and AI industries.
  • Lead continuous improvement in governance and audit readiness.
  • Report regularly to executives and the board on risk posture and compliance performance.


Requirements

  • Bachelor’s degree in Business, Law, or related field.
  • 4–6 years’ experience in Governance, Risk & Compliance (GRC).
  • Experience in auditing, incident management, and building governance frameworks.
  • Strong knowledge of PDPL, ISO 27001/9001, and corporate compliance.
  • Excellent stakeholder management, communication, and leadership skills.
  • Experience designing and delivering compliance training programs.
  • Familiarity with global regulatory frameworks and business continuity planning.
  • Curious, detail-oriented, and investigative mindset.


Preferred:

  • Experience with IPOs or public companies.
  • Familiarity with Environmental, Social & Governance (ESG) principles.
  • Proficiency in Arabic.
  • Experience in technology, SaaS, or B2B environments.

© 2025 Qureos. All rights reserved.