Title: GRC Manager
Location: Saudi Arabia (Riyadh)
Contract: 6 to 12 months (extendable)

Role Overview

We are seeking a GRC Manager with proven experience in the consumer finance / digital lending / fintech sector to lead technology and application governance, risk, and compliance activities.

This is a hands-on delivery role in a regulated, fast-moving financial services environment. The successful candidate must be comfortable translating regulatory requirements into practical controls across digital platforms, not just writing policy.

Key Responsibilities

Governance & Compliance
- Define and maintain technology and application GRC frameworks within a consumer finance or fintech environment
- Ensure compliance with Saudi regulatory and data protection requirements including SAMA, NCA, and PDPL
- Translate regulatory obligations into actionable technical and application controls

Risk Management
- Conduct technology and application risk assessments, including platform and third-party risk
- Maintain risk registers, remediation plans, and formal risk acceptance documentation
- Support regulatory inspections, internal assurance, and external audits

Delivery & Stakeholder Engagement
- Work directly with engineering, DevOps, cybersecurity, product, and compliance teams
- Embed GRC requirements into SDLC, CI/CD, change, and release processes
- Challenge delivery teams where controls are weak or non-compliant

Documentation & Reporting
- Produce regulator-ready policies, standards, procedures, and evidence packs
- Provide concise reporting to senior stakeholders on risk posture and remediation progress

Required Experience
- 5+ years experience in GRC, Technology Risk, or IT Compliance
- Direct experience in consumer finance, digital lending, BNPL, fintech, or regulated financial services
- Hands-on experience with application-level and platform risk management
- Strong working knowledge of SAMA, NCA, and PDPL requirements
- Experience operating in contract or interim roles with minimal supervision