Qureos

Job Purpose

The GRC Manager is responsible for developing, implementing, and continuously enhancing the company’s Governance, Risk, and Compliance framework to ensure organizational integrity, operational efficiency, and regulatory adherence. The role oversees corporate governance structures, enterprise risk management, compliance obligations, internal controls, and reporting to executive leadership and the Board. The position also supports technology governance and IPO readiness in alignment with regulatory requirements and best practices.


Key Responsibilities

Governance

  • Develop, implement, and continually update the company’s corporate governance framework, policies, and internal regulations.
  • Manage governance documents including Board and committee charters, authority matrix, and related governance records.
  • Monitor disclosures, conflict-of-interest declarations, and promote organizational transparency.
  • Support governance of technology products and development projects, ensuring adherence to SDLC practices and quality standards.
  • Drive governance awareness across the organization through training and communication programs.


Risk Management

  • Build and maintain the Enterprise Risk Register and ensure periodic updates with stakeholders.
  • Evaluate strategic, operational, technical, and project-related risks across the organization.
  • Develop risk mitigation and treatment plans and follow up with departments to ensure implementation.
  • Support Business Continuity Management (BCM), crisis response planning, and resilience activities.


Compliance

  • Monitor compliance with regulatory requirements including PDPL and IT-related laws and standards.
  • Ensure compliance with internal policies such as anti-corruption, data protection, customer management, and code of conduct.
  • Conduct regular compliance reviews and manage whistleblowing and reporting channels.
  • Review contracts, projects, and proposals to ensure alignment with compliance, privacy, and governance standards.


Internal Controls

  • Develop and enhance the internal control framework in alignment with COSO standards.
  • Evaluate the effectiveness of internal controls across operational and technical areas and recommend improvements.
  • Oversee system access controls, user permissions, and change management processes.


Reporting & Board Support

  • Prepare periodic reports on governance, risk, compliance, and internal controls for the Board of Directors.
  • Provide specialized reports and insights to Board committees (Audit, Risk, Governance).
  • Develop and track KPIs related to GRC performance and ensure timely reporting.


IPO Readiness (as needed)

  • Conduct governance, risk, and compliance gap assessments based on Capital Market Authority requirements.
  • Update policies, charters, and governance structures to ensure IPO readiness.
  • Support disclosures, technology governance, and technology risk oversight for listing preparation.


Qualifications & Requirements

Education

  • Bachelor’s degree in Business Administration, Information Technology, Law, Risk Management, or a related field.
  • Master’s degree is preferred (MBA, MIS, or relevant fields).
  • Professional certifications are highly preferred, such as:
      • GRCP / GRCA (GRC Professional/Analyst)
      • CRISC (Risk Management)
      • CGEIT (Governance of Enterprise IT)
      • ISO 31000 Lead Risk Manager
      • ISO 27001 Lead Implementer/Auditor
      • CIA / CCSA / CISA (Internal Audit & Controls)

Experience

  • 5–8 years of experience in Governance, Risk Management, Compliance, or Internal Controls.
  • Experience working in technology companies, consulting firms, or regulated environments.
  • Previous exposure to publicly listed companies or companies preparing for IPO is a strong advantage.
  • Hands-on experience implementing governance frameworks, risk registers, and compliance programs.
  • Experience working directly with the Board of Directors, Board committees, and executive leadership.
  • Background in SDLC governance, technology controls, and change management is preferred.


Skills & Competencies

Technical Skills

  • Strong knowledge of corporate governance frameworks and regulatory requirements.
  • Solid understanding of risk management methodologies and enterprise risk frameworks.
  • Knowledge of PDPL, IT compliance, cybersecurity standards, and regulatory obligations.
  • Familiarity with internal control frameworks (e.g., COSO, ISO standards).
  • Ability to prepare professional reports, dashboards, KPIs, and Board-level presentations.

Soft Skills

  • Excellent command of English (spoken and written).
  • Strong analytical, problem-solving, and decision-making skills.
  • High attention to detail and ability to handle sensitive information with confidentiality.
  • Strong communication, stakeholder management, and training skills.
  • Ability to work independently and lead cross-functional initiatives.

© 2025 Qureos. All rights reserved.