Cybersecurity GRC Manager

HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA empowers SMEs to start, run, and grow their businesses by providing cutting‑edge financial and technological tools. The firm holds multiple entities in UAE, Saudi Arabia, and Egypt (including HALA Payments and HALA Logistics) and offers solutions that enable merchants to digitize payments and manage sales and operations.Job SummaryThe Cybersecurity Governance, Risk, and Compliance (GRC) Officer is responsible for developing, implementing, and continuously enhancing the organization’s cybersecurity governance framework and overall security strategy. The role ensures alignment with business objectives and regulatory mandates, oversees enterprise‑wide risk management, manages compliance with national and industry regulations (including SAMA CSF and PCI DSS), and leads internal and external audits. The officer also provides regular reporting to executive leadership and the Board, ensuring HALA maintains a strong, resilient, and compliant security posture across governance, risk, compliance, and assurance functions.Tasks and ResponsibilitiesDevelop, implement, and continuously improve the Information Security Governance framework, policies, standards, and procedures.Lead the development and execution of the Cybersecurity Strategy in alignment with HALA’s business goals.Provide regular cybersecurity posture reports to the Board of Directors and executive management.Establish and manage a cybersecurity metrics and KPI program to measure program effectiveness and track progress.Oversee the information security budget and ensure effective allocation of resources.Design and manage a comprehensive enterprise‑wide Cybersecurity Risk Management program.Conduct regular risk assessments and Business Impact Analyses (BIA) to identify, analyze, and evaluate information security risks.Facilitate risk treatment planning with business and technology owners, ensuring appropriate mitigation, acceptance, or transfer.Manage vendor risk, including assessing the security posture of third‑party vendors, cloud providers, and payment partners.Integrate risk management requirements into SDLC and change management processes.Act as the primary point of contact and subject‑matter expert for all regulatory cybersecurity examinations and audits (e.g., SAMA, CMA).Ensure continuous compliance with SAMA CSF, PCI DSS, and all relevant regulatory frameworks and standards.Manage regulatory licensing and certification requirements related to cybersecurity.Prepare and submit regulatory reports, evidence packages, questionnaires, and compliance documentation in a timely manner.Monitor and interpret regulatory changes and proactively advise the business on required updates.Manage all internal and external cybersecurity audits, including coordination, evidence collection, and follow‑up.Develop and maintain a robust control testing and assurance program to validate the effectiveness of security controls.Oversee the remediation of all audit and assessment findings, ensuring they are resolved permanently.BenefitsInclusive and diverse culture that encourages innovation and flexibility in remote, in‑office, and hybrid work setups.Highly competitive compensation packages, including potential for shares.Opportunities for personal development with regular training and an annual learning stipend.Work with a talented team of over 30 nationalities across 7 countries.Autonomy, mentoring, and challenging goals that create opportunities for both employee and company growth.Significant responsibility and trust granted to the right candidate.If you think you have what it takes to join a remarkable team, apply now.#J-18808-Ljbffr