Compliance Manager
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Acuative Middle East seeks a Compliance Manager (GRC Lead) to lead cybersecurity governance, risk management, and compliance. The role requires expertise in NCA ECC, NIST CSF, ISO 27001, and ICAO standards, with at least 7 years of GRC experience and 3 years in a senior role.
Key Skills for This Role
Responsibilities
- Lead the organization's Cybersecurity Governance Program
- Develop, implement, and maintain the Information Security Management System (ISMS)
- Ensure compliance with NCA ECC, NIST CSF, ISO/IEC 27001, and ICAO Cybersecurity Standards
- Develop and maintain cybersecurity policies, standards, procedures, and governance documentation
- Lead governance committees and coordinate Security Steering Committee meetings
- Conduct cybersecurity maturity assessments and develop improvement plans
- Lead the enterprise cybersecurity risk management program and maintain the risk register
- Conduct cyber risk assessments and facilitate business risk workshops
- Lead internal and external cybersecurity audits
- Coordinate compliance assessments against NCA ECC, NIST, ISO/IEC 27001, and ICAO requirements
- Develop executive dashboards and governance reports
- Report cybersecurity KPIs and KRIs to executive management
Requirements
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Risk Management, Business Administration, or related field
- Minimum 7 years of experience in Governance, Risk & Compliance (GRC), Information Security, Audit, or Cybersecurity
- Minimum 3 years in a leadership or senior GRC role
- Proven experience implementing and managing enterprise GRC programs
- Hands on experience with cybersecurity risk assessments and risk register management
- Experience leading internal and external audits
- Strong knowledge of cybersecurity governance frameworks and regulatory compliance
Full Job Posting
Job Summary
- The Governance, Risk & Compliance (GRC) Lead is responsible for leading the organization's cybersecurity governance, risk management, and compliance program.
- The role ensures the effective implementation, monitoring, and continuous improvement of security governance practices while maintaining compliance with applicable regulatory and industry frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC), NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and ICAO Cybersecurity Standards.
- The GRC Lead serves as the primary advisor on cybersecurity governance and regulatory compliance, working closely with executive leadership, business units, auditors, and technology teams to establish effective security controls, manage cyber risk, oversee audit readiness, and drive continuous compliance.
Key Responsibilities
- Governance & Security Frameworks: Lead the organization's Cybersecurity Governance Program; develop, implement, and maintain the Information Security Management System (ISMS); ensure compliance with NCA ECC, NIST CSF, NIST SP 800 53, ISO/IEC 27001, ISO/IEC 27002, and ICAO Cybersecurity Standards; develop and maintain cybersecurity policies, standards, procedures, and governance documentation; lead governance committees and coordinate Security Steering Committee meetings; conduct cybersecurity maturity assessments and develop improvement plans; ensure governance processes align with business objectives and regulatory obligations.
- Risk Management: Lead the enterprise cybersecurity risk management program; maintain the enterprise cybersecurity risk register; conduct cyber risk assessments and facilitate business risk workshops; review and approve risk treatment plans and risk acceptance requests; monitor remediation activities and ensure timely closure of identified risks; develop and report Key Risk Indicators (KRIs); provide executive reporting on the organization's cyber risk posture.
- Compliance & Assurance: Lead internal and external cybersecurity audits; coordinate compliance assessments against NCA ECC, NIST, ISO/IEC 27001, and ICAO requirements; oversee security control assessments and compliance reviews; coordinate evidence collection and maintain audit readiness; track audit findings and corrective actions through closure; support third party risk assessments and supplier security reviews.
- Policies & Standards: Develop and maintain information security policies, standards, procedures, and guidelines; manage policy review and approval cycles; review security exceptions and compensating controls; promote governance awareness across the organization; ensure documentation remains current and aligned with regulatory requirements.
- Reporting & Metrics: Develop executive dashboards and governance reports; report cybersecurity KPIs and KRIs; present governance, compliance, and risk reports to executive management; report on compliance status, audit findings, enterprise risk, security maturity, control effectiveness, and remediation progress.
Required Qualifications
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Risk Management, Business Administration, or a related field.
- Minimum 7 years of experience in Governance, Risk & Compliance (GRC), Information Security, Audit, or Cybersecurity.
- Minimum 3 years in a leadership or senior GRC role.
- Proven experience implementing and managing enterprise GRC programs.
- Hands on experience with cybersecurity risk assessments and risk register management.
- Experience leading internal and external audits.
- Strong knowledge of cybersecurity governance frameworks and regulatory compliance.
Required Technical Skills
- Governance & Risk: Cybersecurity Governance, Enterprise Risk Management, Risk Register Management, Security Control Assessments, Compliance Assessments, Audit Management, Policy & Standards Development, Third Party Risk Management, Information Security Management Systems (ISMS).
- Frameworks: National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC), NIST Cybersecurity Framework (CSF), NIST SP 800 53, ISO/IEC 27001, ISO/IEC 27002, ISO 31000 Risk Management.
- Reporting & Tools: Microsoft Excel (Advanced), Microsoft Power BI, Microsoft Office Suite, Experience preparing executive dashboards and governance reports.
Preferred Qualifications
- Experience working in government, aviation, telecommunications, financial services, or other highly regulated industries.
- Experience supporting ICAO cybersecurity compliance or aviation regulatory environments.
- Experience implementing or administering GRC platforms such as ServiceNow GRC, RSA Archer, OneTrust, MetricStream, or AuditBoard.
- Experience leading ISO/IEC 27001 certification or surveillance audits.
- Experience managing third party security assessments and supplier risk programs.
- Familiarity with COBIT and CIS Critical Security Controls.
Preferred Certifications
- CISSP – Certified Information Systems Security Professional
- CRISC – Certified in Risk and Information Systems Control
- CISA – Certified Information Systems Auditor
- CGRC – Certified in Governance, Risk and Compliance (ISC²)
- ISO/IEC 27001 Lead Implementer
- ISO/IEC 27001 Lead Auditor
- COBIT Foundation
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Acuative Middle East
Power BI Developer
Jeddah, KSA
Acuative Middle East is seeking a highly skilled Power BI Developer to design, develop, and maintain enterprise reporting and BI solutions. The role requires strong experience in Power BI, SQL, data visualization, report
Network Security Architect
Jeddah, KSA
Acuative Middle East is hiring a Network Security Architect to administer, operate, and improve network and infrastructure security. The role focuses on firewalls, IPS, secure connectivity, and enterprise security infras
Endpoint & Email Security Engineer
Jeddah, KSA
We are seeking an Endpoint & Email Security Engineer to operate, administer, and optimize endpoint and email security platforms. The role involves monitoring, investigating, and remediating security incidents, managing s
Senior Security Architect
Jeddah, KSA
Acuative Middle East seeks a Senior Security Architect to define and advance cybersecurity architecture across enterprise, cloud, network, and application environments. The role leads secure design reviews, Zero Trust Ar
Senior Security Architect
Jeddah, KSA
Acuative Middle East seeks a Security Architecture & GRC Lead to lead security architecture and governance initiatives. The role defines security standards, conducts secure design reviews, drives Zero Trust, and ensures
Risk & Governance Analyst
Jeddah, KSA
Acuative Middle East is seeking a Risk & Governance Analyst to support its cybersecurity GRC program in Jeddah. The role involves managing the risk register, conducting control assessments, and supporting compliance with
Security Operations Manager
Jeddah, KSA
Acuative Middle East seeks a Security Operations Lead to manage the SOC, oversee security analysts, and drive incident response. The role requires 7+ years of cybersecurity experience with at least 3 years in a senior SO
Power BI Developer
Jeddah, KSA
Acuative Middle East seeks a Power BI Developer to design, develop, and maintain enterprise reporting and BI solutions. The role requires strong experience in Power BI, SQL, data visualization, and Python scripting, with
Power BI Developer
Jeddah, KSA
Network Security Architect
Jeddah, KSA
Endpoint & Email Security Engineer
Jeddah, KSA
Senior Security Architect
Jeddah, KSA
Senior Security Architect
Jeddah, KSA
Risk & Governance Analyst
Jeddah, KSA
Security Operations Manager
Jeddah, KSA
Power BI Developer
Jeddah, KSA