Compliance Manager
About the Role
The Governance, Risk & Compliance (GRC) Lead is responsible for leading the organization's cybersecurity governance, risk management, and compliance program.
The role ensures the effective implementation, monitoring, and continuous improvement of security governance practices while maintaining compliance with applicable regulatory and industry frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC), NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and ICAO Cybersecurity Standards.
The GRC Lead serves as the primary advisor on cybersecurity governance and regulatory compliance, working closely with executive leadership, business units, auditors, and technology teams to establish effective security controls, manage cyber risk, oversee audit readiness, and drive continuous compliance.
Governance & Security Frameworks
- Lead the organization's Cybersecurity Governance Program.
- Develop, implement, and maintain the Information Security Management System (ISMS).
- Ensure compliance with:
- NIST SP 800-53
- ISO/IEC 27001 and ISO/IEC 27002
- ICAO Cybersecurity Standards (where applicable)
- Develop and maintain cybersecurity policies, standards, procedures, and governance documentation.
- Lead governance committees and coordinate Security Steering Committee meetings.
- Conduct cybersecurity maturity assessments and develop improvement plans.
- Ensure governance processes align with business objectives and regulatory obligations.
Risk Management
- Lead the enterprise cybersecurity risk management program.
- Maintain the enterprise cybersecurity risk register.
- Conduct cyber risk assessments and facilitate business risk workshops.
- Review and approve risk treatment plans and risk acceptance requests.
- Monitor remediation activities and ensure timely closure of identified risks.
- Develop and report Key Risk Indicators (KRIs).
- Provide executive reporting on the organization's cyber risk posture.
Compliance & Assurance
- Lead internal and external cybersecurity audits.
- Coordinate compliance assessments against NCA ECC, NIST, ISO/IEC 27001, and ICAO requirements.
- Oversee security control assessments and compliance reviews.
- Coordinate evidence collection and maintain audit readiness.
- Track audit findings and corrective actions through closure.
- Support third-party risk assessments and supplier security reviews.
Policies & Standards
- Develop and maintain information security policies, standards, procedures, and guidelines.
- Manage policy review and approval cycles.
- Review security exceptions and compensating controls.
- Promote governance awareness across the organization.
- Ensure documentation remains current and aligned with regulatory requirements.
Reporting & Metrics
- Develop executive dashboards and governance reports.
- Report cybersecurity KPIs and KRIs.
- Present governance, compliance, and risk reports to executive management.
- Report on:
- Compliance status
- Audit findings
- Enterprise risk
- Security maturity
- Control effectiveness
- Remediation progress
Required Qualifications
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Risk Management, Business Administration, or a related field.
- Minimum 7 years of experience in Governance, Risk & Compliance (GRC), Information Security, Audit, or Cybersecurity.
- Minimum 3 years in a leadership or senior GRC role.
- Proven experience implementing and managing enterprise GRC programs.
- Hands-on experience with cybersecurity risk assessments and risk register management.
- Experience leading internal and external audits.
- Strong knowledge of cybersecurity governance frameworks and regulatory compliance.
Governance & Risk
- Cybersecurity Governance
- Security Control Assessments
- Compliance Assessments
- Audit Management
Frameworks
- National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC)
- NIST SP 800-53
- ISO/IEC 27001
- ISO/IEC 27002
- Microsoft Office Suite
- Experience preparing executive dashboards and governance reports
Preferred Qualifications
- Experience working in government, aviation, telecommunications, financial services, or other highly regulated industries.
- Experience supporting ICAO cybersecurity compliance or aviation regulatory environments.
- Experience implementing or administering GRC platforms such as ServiceNow GRC, RSA Archer, OneTrust, MetricStream, or AuditBoard.
- Experience leading ISO/IEC 27001 certification or surveillance audits.
- Experience managing third-party security assessments and supplier risk programs.
- Familiarity with COBIT and CIS Critical Security Controls.
Preferred Certifications
- CISSP – Certified Information Systems Security Professional
- CRISC – Certified in Risk and Information Systems Control
- CISA – Certified Information Systems Auditor
- CGRC – Certified in Governance, Risk and Compliance (ISC²)
- ISO/IEC 27001 Lead Auditor
- COBIT Foundation