
Compliance Manager

Acuative Middle East
Jeddah, KSA
fulltime
Mid-Senior
Today
Skills: Leadership, Strategic Planning, Budgeting, Team Management, Performance Management, Project Management

Job Summary

The Governance, Risk & Compliance (GRC) Lead is responsible for leading the organization's cybersecurity governance, risk management, and compliance program.

The role ensures the effective implementation, monitoring, and continuous improvement of security governance practices while maintaining compliance with applicable regulatory and industry frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC), the NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and ICAO Cybersecurity Standards.

The GRC Lead serves as the primary advisor on cybersecurity governance and regulatory compliance, working closely with executive leadership, business units, auditors, and technology teams to establish effective security controls, manage cyber risk, oversee audit readiness, and drive continuous compliance.

Governance & Security Frameworks

  • Lead the organization's Cybersecurity Governance Program.
  • Develop, implement, and maintain the Information Security Management System (ISMS).
  • Ensure compliance with:
      • NIST SP 800-53
      • ISO/IEC 27001 and ISO/IEC 27002
      • ICAO Cybersecurity Standards (where applicable)
  • Develop and maintain cybersecurity policies, standards, procedures, and governance documentation.
  • Lead governance committees and coordinate Security Steering Committee meetings.
  • Conduct cybersecurity maturity assessments and develop improvement plans.
  • Ensure governance processes align with business objectives and regulatory obligations.

Risk Management

  • Lead the enterprise cybersecurity risk management program.
  • Maintain the enterprise cybersecurity risk register.
  • Conduct cyber risk assessments and facilitate business risk workshops.
  • Review and approve risk treatment plans and risk acceptance requests.
  • Monitor remediation activities and ensure timely closure of identified risks.
  • Develop and report Key Risk Indicators (KRIs).
  • Provide executive reporting on the organization's cyber risk posture.

Compliance & Assurance

  • Lead internal and external cybersecurity audits.
  • Coordinate compliance assessments against NCA ECC, NIST, ISO/IEC 27001, and ICAO requirements.
  • Oversee security control assessments and compliance reviews.
  • Coordinate evidence collection and maintain audit readiness.
  • Track audit findings and corrective actions through closure.
  • Support third-party risk assessments and supplier security reviews.

Policies & Standards

  • Develop and maintain information security policies, standards, procedures, and guidelines.
  • Manage policy review and approval cycles.
  • Review security exceptions and compensating controls.
  • Promote governance awareness across the organization.
  • Ensure documentation remains current and aligned with regulatory requirements.

Reporting & Metrics

  • Develop executive dashboards and governance reports.
  • Report cybersecurity KPIs and KRIs.
  • Present governance, compliance, and risk reports to executive management.
  • Report on:
      • Compliance status
      • Audit findings
      • Enterprise risk
      • Security maturity
      • Control effectiveness
      • Remediation progress

Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Security, Information Technology, Risk Management, Business Administration, or a related field.
  • Minimum 7 years of experience in Governance, Risk & Compliance (GRC), Information Security, Audit, or Cybersecurity.
  • Minimum 3 years in a leadership or senior GRC role.
  • Proven experience implementing and managing enterprise GRC programs.
  • Hands-on experience with cybersecurity risk assessments and risk register management.
  • Experience leading internal and external audits.
  • Strong knowledge of cybersecurity governance frameworks and regulatory compliance.

Governance & Risk

  • Cybersecurity Governance
  • Security Control Assessments
  • Compliance Assessments
  • Audit Management

Frameworks

  • National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC)
  • NIST SP 800-53
  • ISO/IEC 27001
  • ISO/IEC 27002
  • Microsoft Office Suite
  • Experience preparing executive dashboards and governance reports

Preferred Qualifications

  • Experience working in government, aviation, telecommunications, financial services, or other highly regulated industries.
  • Experience supporting ICAO cybersecurity compliance or aviation regulatory environments.
  • Experience implementing or administering GRC platforms such as ServiceNow GRC, RSA Archer, OneTrust, MetricStream, or AuditBoard.
  • Experience leading ISO/IEC 27001 certification or surveillance audits.
  • Experience managing third-party security assessments and supplier risk programs.
  • Familiarity with COBIT and CIS Critical Security Controls.

Preferred Certifications

  • CISSP – Certified Information Systems Security Professional
  • CRISC – Certified in Risk and Information Systems Control
  • CISA – Certified Information Systems Auditor
  • CGRC – Certified in Governance, Risk and Compliance (ISC²)
  • ISO/IEC 27001 Lead Auditor
  • COBIT Foundation
