Role Overview
The Banking GRC Expert will act as a trusted advisor and Subject Matter Expert (SME) for Governance, Risk, and Compliance across the Bank. This role is accountable for ensuring full alignment with SAMA regulations, NCA cybersecurity standards, and other applicable Saudi regulatory frameworks. The incumbent will lead the design, implementation, and continuous enhancement of an integrated GRC framework that supports regulatory compliance, operational resilience, digital transformation, and sustainable business growth. This role interfaces extensively with senior management, Board Committees, regulators, and internal audit functions.
Key Responsibilities
1. Regulatory Governance & Strategic Advisory
SAMA Regulatory Leadership: Serve as the Bank's primary SME for SAMA Banking Rules, Circulars, and supervisory expectations, including:
SAMA Cybersecurity Framework (CSF)
SAMA IT Governance Framework
SAMA Risk Management & Compliance guidelines
GRC Framework Design: Design, implement, and maintain an enterprise-wide GRC framework integrating:
ERM Leadership: Lead identification, assessment, and mitigation of:
Operational Risk
Credit Risk
Strategic & Emerging Risks
Digital & Technology Risk: Oversee risk assessments for:
Digital banking initiatives
Fintech partnerships
Cloud, data, and emerging technologies
Ensure compliance with SAMA consumer protection and data privacy requirements.
KRI & Risk Register Management: Define and monitor Key Risk Indicators (KRIs) and maintain an up-to-date enterprise Risk Register aligned with the Bank's risk appetite.
3. Compliance, Audit & Regulatory Engagement
NCA Compliance Oversight: Ensure compliance with:
NCA Essential Cybersecurity Controls (ECC)
Critical Systems Cybersecurity Controls (CSCC)
Regulatory Gap Assessments: Conduct periodic gap analyses, thematic reviews, and regulatory readiness assessments; oversee remediation plans and closure of findings.
Regulatory & Audit Liaison: Act as the primary interface for:
SAMA inspections
External auditors
Internal audit reviews
Ensure timely and effective resolution of all supervisory observations.
4. Advisory, Enablement & Risk Culture
Subject Matter Advisory: Provide expert guidance to business and technology teams on:
AML / CFT regulations
Basel III / IV frameworks
Sharia compliance (where applicable)
Risk Culture & Awareness: Champion a strong risk-aware culture through:
Targeted training programs
Executive workshops
Policy awareness initiatives
Required Qualifications & Experience
Education
Bachelor's degree in Finance, Risk Management, Law, Information Systems, or related discipline
Master's degree / MBA preferred
Professional Experience
10-15 years of progressive experience in Banking GRC, preferably within KSA or the GCC
Demonstrated experience engaging with SAMA, NCA, and regulatory audits
Strong exposure to digital banking and technology risk environments
Certifications (At least two preferred)
CRISC (Certified in Risk and Information Systems Control)
CGEIT (Certified in the Governance of Enterprise IT)
CAMS (Certified Anti-Money Laundering Specialist)
CISA (Certified Information Systems Auditor)
SAMA / Financial Academy Professional Certifications (e.g., Compliance Foundations)
Regulatory & Technical Knowledge
Expert-level understanding of:
SAMA regulations and supervisory expectations
NCA cybersecurity frameworks
CMA regulations (as applicable)
Leadership & Soft Skills
Strong executive presence and stakeholder management capability
Ability to influence C-suite and Board-level discussions
Excellent analytical, presentation, and documentation skills