Cyber Security Governance & Compliance lead

Are you an experienced Cyber Security GRC professional ready to lead compliance for a major financial services and technology provider

We are seeking a proactive and detail-oriented Governance Risk and Compliance (GRC) Lead to ensure our cybersecurity program meets the stringent requirements of global and regional financial regulators. This role is crucial for maintaining our trust security posture and license to operate across all business regions.

If you have a proven track record in implementing and auditing SAMA CSF PCI DSS and ISO 27001 this is your opportunity to drive compliance across a dynamic high-growth environment.

What You Will Do (Key Accountabilities):

• Compliance Leadership: Drive the successful implementation and continuous adherence to key regulatory and industry frameworks including SAMA Cyber Security Framework PCI DSS and ISO 27001.
• Policy & Documentation: Own the drafting maintenance and enforcement of comprehensive cybersecurity policies procedures and standards across the organization.
• Audit Management: Coordinate and assist internal teams during PCI DSS and ISO 27001 annual external audits ensuring timely remediation and gap closure.
• Risk Management: Execute and maintain the Cyber Security Risk Assessment program managing the risk register and reporting on GRC progress to stakeholders.
• Security Integration: Represent the GRC function in the Change Management Process and engage in early-stage business projects to embed required security controls and ensure compliance from the outset.
• Awareness & Incident Support: Conduct organization-wide security awareness training and provide GRC support during security incident response and root cause analysis (RCA) activities.

What You Bring (Required Qualifications):

• Experience: 3-5 years of focused experience in a cybersecurity GRC role preferably within the Financial Sector (Fintech Banking Payments).
• Framework Expertise: Sound working knowledge and implementation experience with PCI DSS ISO 27001 and major national/regional regulatory frameworks (e.g. SAMA CBE NCA).
• Risk Knowledge: Proficiency in applying risk assessment methodologies (e.g. NIST 800-30 OCTAVE ISO 27005).
• Technical Foundation: Understanding of information and application security controls network architecture (e.g. firewall rules) and infrastructure hardening principles.

Highly Desirable Certifications:

Candidates holding one or more of the following are strongly preferred:

• ISO 27001 Lead Auditor/Implementer (LA/LI)
• PCIP (PCI Professional)
• CISA / CRISC / CISSP

Ready to be the compliance backbone of a leading financial technology company Apply now!