Director of Governance, Risk, and Compliance

Overview

Role Overview

Governance Framework & Board Support

• Design and implement webook.com’s enterprise governance framework, including policies, approval authorities, decision-making protocols, committees, reporting cadences, and escalation paths.
• Support the company’s transition from founder-led/startup-style operations to a more structured governance model without slowing down execution unnecessarily.
• Establish clear accountability structures across departments, markets, and leadership forums.
• Develop and maintain a company-wide policy framework and policy library covering key operational, financial, legal, technology, data, people, and regulatory areas.
• Support board governance requirements by preparing clear, structured reporting on key risks, compliance matters, governance gaps, and mitigation plans.
• Work with executive leadership to ensure board decisions, actions, and follow-ups are tracked and implemented.
• Help establish governance routines such as risk committees, compliance reviews, policy approval processes, and management reporting cycles.

Enterprise Risk Management

• Build and own the company’s Enterprise Risk Management framework from scratch.
• Develop and maintain the enterprise risk register, including strategic, operational, financial, regulatory, technology, cyber, third-party, reputational, and market-specific risks.
• Define risk assessment methodologies, scoring criteria, risk ownership, risk appetite, escalation thresholds, and mitigation planning processes.
• Partner with business leaders to identify, assess, prioritize, and manage risks across functions and geographies.
• Embed risk management into business planning, international expansion, product launches, vendor selection, major commercial deals, and operational decision-making.
• Provide regular risk reporting to executive leadership and the Board, including key risk indicators, emerging risks, mitigation progress, and areas requiring attention.
• Ensure risk management is practical, business-focused, and suitable for a fast-moving growth environment.

Compliance

• Establish and manage the company’s compliance framework across all operating markets, and future international markets.
• Identify applicable laws, regulations, licensing requirements, contractual obligations, and internal policies relevant to the business.
• Monitor regulatory developments and assess their impact on webook.com’s operations, platform, commercial activities, data practices, and international expansion.
• Lead compliance gap assessments and develop practical remediation plans.
• Create compliance calendars, checklists, registers, and reporting mechanisms to ensure obligations are tracked and met.
• Partner with Legal, Finance, People, Product, Engineering, Commercial, and Operations teams to ensure compliance requirements are understood and implemented.
• Manage relationships with external advisors, regulators, auditors, and consultants where required.
• Ensure compliance is embedded into everyday operations rather than treated as a separate administrative exercise.

Internal Controls, Policies & Audit Readiness

• Design and implement practical internal controls across key business areas, including finance, procurement, contracting, approvals, vendor management, data protection, information security governance, and operational processes.
• Develop clear policy ownership, review cycles, approval workflows, and communication processes.
• Establish procedures for monitoring control effectiveness and tracking remediation actions.
• Prepare the company for internal audits, external audits, investor due diligence, regulatory reviews, and board-level governance reviews.
• Work with Finance, Legal, Operations, and Technology to ensure appropriate documentation, evidence, and control records are maintained.
• Identify control gaps and work with teams to implement solutions that are pragmatic, scalable, and appropriate for the company’s stage of growth.

Technology, Data & Platform Compliance

• Oversee data privacy and protection compliance (PDPL, GDPR, and equivalent regulations)
• Partner with Product and Engineering to ensure platform features meet regulatory requirements
• Lead information security governance in coordination with the technology team

Team Building & Leadership

• Build and lead the GRC team from the ground up
• Act as the internal subject matter expert on all governance, risk, and compliance matters
• Foster a culture of integrity, accountability, and risk awareness across the organization

Reporting & Executive Engagement

• Provide regular GRC updates and risk reports to executive leadership
• Prepare board-level reporting on key risks, compliance posture, and governance health
• Develop dashboards and metrics to track GRC performance

Requirements

• 10+ years of experience in governance, risk, compliance, or a related field
• Demonstrated experience building or significantly scaling a GRC function
• Strong knowledge of regulatory frameworks relevant to tech platforms, marketplaces, or e-commerce
• Familiarity with data privacy regulations, including PDPL and GDPR
• Experience operating across multiple markets, ideally within the MENA region
• Excellent stakeholder management and executive communication skills
• Relevant certifications are a plus (e.g. CISA, CRISC, CISM, ICA)
• Comfortable with ambiguity and able to move fast in a high-growth environment