Role Overview
The Banking GRC Expert will act as a trusted advisor and Subject Matter Expert (SME) for Governance, Risk, and Compliance across the Bank. This role is accountable for ensuring full alignment with SAMA regulations, NCA cybersecurity standards, and other applicable Saudi regulatory frameworks. This role interfaces extensively with senior management, Board Committees, regulators, and internal audit functions to understand their key requirements and advise the technology teams from a domain perspective.
Key Responsibilities
1. Regulatory Governance & Strategic Advisory
SAMA Regulatory Leadership: Serve as the Bank's primary SME for SAMA Banking Rules, Circulars, and supervisory expectations, including:
ERM Leadership: Lead identification, assessment, and mitigation of:
Operational Risk
Credit Risk
Strategic & Emerging Risks
KRI & Risk Register Management: Define and monitor Key Risk Indicators (KRIs) and maintain an up-to-date enterprise Risk Register aligned with the Bank's risk appetite.
Regulatory Gap Assessments: Conduct periodic gap analyses, thematic reviews, and regulatory readiness assessments; oversee remediation plans and closure of findings.
Regulatory & Audit Liaison: Act as the primary interface for:
SAMA inspections
External auditors
Internal audit reviews
Ensure timely and effective resolution of all supervisory observations.
4. Advisory, Enablement & Risk Culture
Subject Matter Advisory: Provide expert guidance to business and technology teams on:
AML / CFT regulations
Basel III / IV frameworks
Sharia compliance (where applicable)
Risk Culture & Awareness: Champion a strong risk-aware culture through:
Targeted training programs
Executive workshops
Policy awareness initiatives
Required Qualifications & Experience
Education
Bachelor's degree in Finance, Risk Management, Law, Information Systems, or related discipline
Master's degree / MBA preferred
Professional Experience
10–15 years of progressive experience in Banking GRC, preferably within KSA or the GCC
Demonstrated experience engaging with SAMA, NCA, and regulatory audits
Strong exposure to digital banking and technology risk environments
Certifications (At least two preferred)
CRISC – Certified in Risk and Information Systems Control
CGEIT – Certified in Governance of Enterprise IT
CAMS – Certified Anti-Money Laundering Specialist
CISA – Certified Information Systems Auditor
SAMA / Financial Academy Professional Certifications (e.g., Compliance Foundations)
Regulatory & Technical Knowledge
Expert-level understanding of:
SAMA regulations and supervisory expectations
NCA cybersecurity frameworks
CMA regulations (as applicable)
Leadership & Soft Skills
Strong executive presence and stakeholder management capability
Ability to influence C-suite and Board-level discussions
Excellent analytical, presentation, and documentation skills