
Director of Information Security - GRC

TASC Outsourcing
Abu Dhabi, UAE
Director
Today
cybersecurity, information security, network security, SOC, SIEM, penetration testing

Full Job Posting

About the Role

The Director of Information Security – GRC will lead the design, implementation and continuous improvement of the organization’s governance, risk and compliance programs across Saudi Arabia.

This role requires strategic oversight of multiple regulatory frameworks, stakeholder engagement at board and executive levels, and the leadership of a high-performing GRC team to ensure robust information security posture and regulatory alignment.

Responsibilities

  • Develop and maintain an integrated information security governance framework aligned with ISO 27001, NIST CSF, COBIT, NCA ECC and SAMA CSF
  • Drive risk management processes, including identification, assessment, treatment and reporting of information security risks
  • Oversee compliance monitoring activities to ensure adherence to GDPR, PDPL and relevant local regulations
  • Lead audit response efforts, coordinate internal and external audits, and ensure timely remediation of findings
  • Manage third-party assurance and vendor risk assessments to uphold security standards across the supply chain
  • Provide strategic counsel and regular reporting to the Board of Directors and executive leadership on GRC metrics, trends and initiatives
  • Engage with regulatory bodies, including SAMA and NCA, to interpret requirements and influence regulatory developments
  • Recruit, mentor and develop a skilled GRC team, fostering a culture of accountability and continuous improvement
  • Collaborate with cross-functional teams to integrate GRC principles into business processes and technology initiatives

Required Qualifications

  • 12–18 years of progressive experience in information security governance, risk and compliance
  • Proven technical expertise with ISO 27001, NIST CSF, COBIT, NCA ECC and SAMA CSF frameworks
  • In-depth knowledge of GDPR and PDPL requirements
  • Demonstrated experience in cybersecurity governance and enterprise risk management
  • Strong background in compliance monitoring, audit response and third-party assurance
  • Excellent team leadership skills with experience managing multidisciplinary security teams
  • Exceptional communication skills, with proven ability to present to board members and senior executives
  • Experience engaging with regulatory authorities in the Middle East region

Preferred Qualifications

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or CRISC
  • ISO 27001 Lead Auditor or Implementer certification
  • Prior experience in Saudi Arabian financial services or regulated industries
  • Advanced degree in Information Security, Cybersecurity, Risk Management or related field
  • Fluency in Arabic
  • Experience leading GRC initiatives during major digital transformation programs
