Back to jobs
Senior GRC Manager
- Posted 26 August 2025
- Salary $20000 - $30000 per month
- LocationRiyadh
- Job type Permanent
- Sectors Built Environment
- ReferenceBH-39200
Job description
Position: Director – Governance, Risk & Compliance (GRC)
Role Summary
The GRC Director is responsible for leading the organization’s governance, risk, and compliance frameworks across all business functions. The role will establish enterprise-wide GRC strategies, policies, and procedures in alignment with KSA regulatory requirements, industry standards, and best practices. The Director will oversee risk identification, assessment, and mitigation strategies, ensure regulatory and legal compliance, and provide oversight on cybersecurity governance as part of the broader corporate risk strategy.
Key Duties & Responsibilities
Role Summary
The GRC Director is responsible for leading the organization’s governance, risk, and compliance frameworks across all business functions. The role will establish enterprise-wide GRC strategies, policies, and procedures in alignment with KSA regulatory requirements, industry standards, and best practices. The Director will oversee risk identification, assessment, and mitigation strategies, ensure regulatory and legal compliance, and provide oversight on cybersecurity governance as part of the broader corporate risk strategy.
Key Duties & Responsibilities
- Develop, implement, and maintain enterprise-wide GRC frameworks, policies, and processes.
- Oversee risk management practices including identification, assessment, mitigation, and monitoring of organizational risks.
- Ensure compliance with all relevant KSA regulations, international standards, and corporate policies.
- Lead governance initiatives, including policy development, control frameworks, and assurance activities.
- Establish and monitor internal controls to safeguard the organization’s operations and reputation.
- Provide regular risk and compliance reporting to the executive leadership and Board/Audit Committee.
- Monitor changes in regulatory and compliance landscapes and ensure timely alignment of organizational practices.
- Oversee compliance audits, assessments, and certifications across business units.
- Foster a risk-aware culture through training, awareness programs, and advisory support to senior leadership and business units.
- Collaborate with business and technology leaders to ensure integration of cybersecurity risk into the overall GRC framework.
- Direct crisis management and incident response planning to ensure organizational resilience.
- Build and manage relationships with regulators, auditors, and other key stakeholders.
- Lead and mentor the GRC team to build internal capability and drive continuous improvement.
- Education & Qualifications
- Bachelor’s degree in Business Administration, Law, Finance, Risk Management, or a related field.
- Master’s degree (preferred) in Risk, Compliance, Business, or related discipline.
- Relevant professional certifications such as CGEIT, CRISC, CCEP, CIA, CISM, or ISO 31000/27001 Lead Implementer/Auditor.
- Experience
- Minimum of 10 years of progressive experience in governance, risk management, compliance, or audit, with at least 5 years in a leadership role.
- Demonstrated experience in developing and managing enterprise GRC frameworks.
- Strong track record in regulatory compliance and risk oversight within large organizations (preferably in the KSA/GCC region).
- Familiarity with cybersecurity governance and risk management practices.
- Experience engaging with boards, audit committees, and regulators.
- Skills & Competencies
- Deep knowledge of KSA regulatory landscape and international GRC standards.
- Strong leadership and people management skills.
- Excellent analytical, problem-solving, and decision-making abilities.
- High level of integrity, ethics, and professional judgment.
- Exceptional communication and stakeholder management skills.
- Ability to balance strategic oversight with hands-on operational management.
