Cybersecurity GRC Manager

Confirmed live in the last 24 hours

Hala

Riyadh, Riyadh, Saudi Arabia

Hybrid

Posted April 7, 2026

Job Description

Who Are We

HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA aims at empowering SMEs to start, run, and grow their businesses by providing them with cutting-edge financial and technological tools.

HALA currently holds multiple entities in UAE, Saudi Arabia and Egypt (including HALA Payments and HALA Logistics) and offers solutions that enable merchants to digitize their payments as well as manage their sales and operations.

Founded in 2017, HALA is currently licensed by the Saudi Arabian Central Bank.

Job Summary:

The Cybersecurity Governance, Risk, and Compliance (GRC) Officer is responsible for developing, implementing, and continuously enhancing the organization’s cybersecurity governance framework and overall security strategy. The role ensures alignment with business objectives and regulatory mandates, oversees enterprise-wide risk management, manages compliance with national and industry regulations (including SAMA CSF and PCI DSS), and leads internal and external audits. The officer also provides regular reporting to executive leadership and the Board, ensuring HALA maintains a strong, resilient, and compliant security posture across governance, risk, compliance, and assurance functions.

Tasks and Responsibilities:

Develop, implement, and continuously improve the Information Security Governance framework, policies, standards, and procedures.
Lead the development and execution of the Cybersecurity Strategy in alignment with HALA’s business goals.
Provide regular cybersecurity posture reports to the Board of Directors and executive management.
Establish and manage a cybersecurity metrics and KPI program to measure program effectiveness and track progress.
Oversee the information security budget and ensure effective allocation of resources.
Design and manage a comprehensive enterprise-wide Cybersecurity Risk Management program.
Conduct regular risk assessments and Business Impact Analyses (BIA) to identify, analyze, and evaluate information security risks.
Facilitate risk treatment planning with business and technology owners, ensuring appropriate mitigation, acceptance, or transfer.
Manage vendor risk, including assessing the security posture of third-party vendors, cloud providers, and payment partners.
Integrate risk management requirements into SDLC and change management processes.
Act as the primary point of contact and subject matter expert for all regulatory cybersecurity examinations and audits (e.g., SAMA, CMA).
Ensure continuous compliance with SAMA CSF, PCI DSS, and all relevant regulatory frameworks and standards.