GRC Risk & Compliance Manager
Company Description
Digital North Associates (DNA) bridges the gap between conventional strategy & management consulting and technical implementation to deliver real business value.
By combining innovative consulting services with tooling capabilities, DNA offers clients comprehensive solutions to address their unique challenges.
The firm is committed to delivering impactful results by integrating strategic insights with practical technology-based execution, empowering clients to achieve lasting success.
Role Description
The GRC Risk & Compliance Manager will serve as the primary subject matter expert and delivery lead for the GRC platform implementation at a large bank.
This role is critical to establishing a solid Governance, Risk, and Compliance foundation across IT and Operational Risk, Business Continuity Management (BCM), Incident Management, and Compliance — aligned with Saudi Central Bank (SAMA) regulations and international standards.
The successful candidate will bridge the gap between fragmented legacy processes and a unified, tool-driven GRC lifecycle, working closely with internal bank stakeholders, the technology implementation team, and executive sponsors to secure timely project delivery and internal budget approval.
Risk Management
- Design and operationalize a standardized IT risk lifecycle including risk identification, assessment, treatment, and governance workflows.
- Establish linkages between risks, assets, applications, and business impact within the GRC platform.
- Consolidate dispersed asset and application data into a unified IT risk context inside the GRC tool.
- Define risk appetite, thresholds, and escalation matrices in coordination with senior stakeholders.
- Oversee integration with confirmed systems only; document expansion roadmap for future phases.
Incident Management
- Develop and implement a structured incident management framework covering detection, classification, escalation, and resolution.
- Configure incident workflows within the GRC platform, ensuring linkage to affected assets, risks, and continuity plans.
- Define KPIs/KRIs for incident response and produce post-incident analysis reports for leadership.
- Train internal teams on incident logging, triage protocols, and regulatory reporting obligations.
Compliance Management
- Map applicable regulatory frameworks (SAMA Cyber Security Framework, NCA controls, ISO 27001, BCBS 239) into the GRC compliance module.
- Conduct gap assessments and develop remediation plans with owners and timelines.
- Establish a continuous compliance monitoring cadence and produce board-ready compliance dashboards.
- Manage EA licensing compliance and coordinate vendor assessments for Enterprise Architecture toolsets.
Business Continuity Management (BCM)
- Lead Business Impact Analysis (BIA) exercises across critical business units and IT services.
- Develop, document, and test Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs).
- Integrate BCM data into the GRC platform, ensuring end-to-end traceability from risk to continuity response.
- Facilitate tabletop exercises and coordinate BCP testing cycles with operational teams.
Stakeholder & Project Delivery
- Act as the primary liaison between bank leadership, IT teams, and the implementation partners.
- Prepare and present business cases and project progress reports to secure internal budget approval.
- Maintain a lean, practical project scope to accelerate delivery and demonstrate early value.
- Produce all required project documentation, status reports, and executive dashboards.
Education
- Bachelor's degree in IT/Computer Science, Risk Management, or a related field. A master's degree or MBA is preferred.
Professional Experience
- Minimum 7 years of experience in GRC, IT risk, or information security, with at least 3 years in the banking or financial services sector.
- Demonstrable experience implementing or managing GRC platforms.
- Hands-on experience conducting BIAs, writing BCPs/DRPs, and managing compliance programs under SAMA or equivalent regulators.
- Experience working in the KSA banking environment is strongly preferred.