Title: GRC Manager
Location: Saudi Arabia (Riyadh)
Contract: 6 to 12 months (extendable)
Role Overview
We are seeking a GRC Manager with proven experience in the consumer finance / digital lending / fintech sector to lead technology and application governance, risk, and compliance activities.
This is a hands-on delivery role in a regulated, fast-moving financial services environment. The successful candidate must be comfortable translating regulatory requirements into practical controls across digital platforms, not just writing policy.
Key Responsibilities
Governance & Compliance
- Define and maintain technology and application GRC frameworks within a consumer finance or fintech environment
- Ensure compliance with Saudi regulatory and data protection requirements including SAMA, NCA, and PDPL
- Translate regulatory obligations into actionable technical and application controls
Risk Management
- Conduct technology and application risk assessments, including platform and third-party risk
- Maintain risk registers, remediation plans, and formal risk acceptance documentation
- Support regulatory inspections, internal assurance, and external audits
Delivery & Stakeholder Engagement
- Work directly with engineering, DevOps, cybersecurity, product, and compliance teams
- Embed GRC requirements into SDLC, CI/CD, change, and release processes
- Challenge delivery teams where controls are weak or non-compliant
Documentation & Reporting
- Produce regulator-ready policies, standards, procedures, and evidence packs
- Provide concise reporting to senior stakeholders on risk posture and remediation progress
Required Experience
- 5+ years of experience in GRC, Technology Risk, or IT Compliance
- Direct experience in consumer finance, digital lending, BNPL, fintech, or regulated financial services
- Hands-on experience with application-level and platform risk management
- Strong working knowledge of SAMA, NCA, and PDPL requirements
- Experience operating in contract or interim roles with minimal supervision