OVERVIEW
NEOM is an accelerator of human progress and a vision of what a new future might look like. A region in northwest Saudi Arabia on the Red Sea, NEOM is being built from the ground up to include hyperconnected, cognitive cities, ports, next-generation infrastructure and industries, enterprise zones, research centers, sports and entertainment venues and tourist destinations.
As a destination, it will be a home for people who dream big and want to be part of building a new model for exceptional livability, creating thriving businesses and reinventing environmental conservation.
As a workplace, it is a place for people who share our core values of care, curiosity, diversity, passion, respect, and becoming a catalyst for change.
Are you ready to help NEOM find solutions to the world’s most pressing challenges? Are you prepared to create a lasting legacy that benefits generations to come? Then we want to hear from you!
ROLE OVERVIEW
The Director of Risk Governance shall be responsible for leading the development, enhancement, and implementation of the ERM Operating Model and Governance Structure. This includes developing and maintaining the Risk and Internal Control governance documents and the periodic reporting structure, developing and implementing the yearly ERM activity and resourcing plans, and enabling mature risk management processes and culture. The role will also provide oversight of the establishment of subsidiary/sub-entity level risk management functions.
REQUIREMENTS SUMMARY
- Experience in enterprise risk management (ERM) governance, frameworks, and process design.
- Experience in leading and managing cross-functional risk teams and large-scale ERM initiatives.
- Knowledge of integrated GRC systems (e.g., Archer, ServiceNow) and risk technology implementation.
- Experience in developing and overseeing risk policies, taxonomies, and internal control frameworks.
- Skilled in GRC reporting, with experience presenting to senior leadership and board-level committees.
- Ability to design and implement key risk indicators (KRIs) and incident management protocols.
- Strong interpersonal and leadership skills, with the ability to coach, influence, and collaborate across diverse functions.
- Ability to manage multiple priorities and stakeholder relationships in a complex organizational environment.
- Strategic mindset with hands-on execution ability and a continuous improvement orientation.
- Experience engaging with external auditors, regulators, and advisory bodies.
ROLE COMPETENCIES & ACTIVITIES
The Director of Risk Governance responsibilities will include, but not be limited to:
Implementation of the ERM Operating Model
- Oversee the assessment and improvement of the overall internal ERM function. This includes developing a fit-for-purpose ERM organizational structure, maintaining the interfaces between ERM verticals, and enabling collaboration with other NEOM-wide sectors, regions and functions.
- Maintain the ERM Function's library of job descriptions, assess resource and budgeting requirements, and manage the ERM Function's hiring and onboarding process.
- Along with the Executive Director – Risk Management, ensure that appropriate mechanisms (including metrics/ targets) are implemented to monitor ERM Function’s performance.
- Develop yearly ERM activity plans with the objective of enhancing the overall maturity of NEOM-wide risk management methodologies, approaches, and processes. Manage the implementation and maintenance of the yearly ERM plans.
- Oversee the establishment of subsidiary/ sub-entity level risk management functions. Ensure that these functions are aligned with NEOM-ERM requirements.
- Manage performance of Risk Governance vertical’s employees. This includes choosing metrics and setting targets (to be conducted jointly with the ED and HR function), identifying relevant training programs, creating targeted employee level development plans, enhancing team capabilities, and/or coaching team members.
Risk Governance
- Oversee the development, implementation and maintenance of Risk and Internal Control Policies, Framework and Processes/ Procedures (‘ERM Governance Documents’).
- Ensure that the ERM Governance Documents comprehensively cover all NEOM activities and material risk and control types. Ensure that these documents are aligned with NEOM Business context and applicable best practices.
- Enable the development, implementation, and maintenance of an integrated GRC Framework.
- Support the review of non-Risk policies. Where relevant, ensure that these have the required risk management clauses embedded.
- Assist in defining and/or updating relevant Risk Appetites and limits / thresholds applicable to Operational and Technology risks.
- Oversee the development and maintenance of the risk and control taxonomy.
- Lead the development and maintenance of the terms of reference ('ToRs') for Board-level and Executive-level GRC/Risk Committees. Further, act as committee secretary (where mandated).
Risk Tools and Technology
- Support the development of an integrated GRC system (e.g., ServiceNow, Archer, Enablon).
- Oversee the maintenance of the integrated GRC system. This includes ensuring that adequate data and system controls are in place, and managing access profiles and user rights (with IT Functions).
- Lead identification and oversee implementation of eGRC enhancements (as required).
- Lead the identification of best practice risk management and internal controls technology and tools. Oversee the validation and implementation process of such technology and tools.
GRC Integrated Reporting
- Oversee the development and enhancements of the periodic GRC reporting. This includes defining relevant reporting structure, reporting processes, templates, dashboards, etc.
- Ensure regular, on-time GRC reporting to relevant stakeholders (including senior management, management committees, board committees, and other internal and external stakeholders).
- Lead the timely and accurate collection of risk information (required for reporting) through collaboration with other ERM Risk Teams (e.g., Finance and Strategy Risks, Project Risks, and Operational & Technology risks).
- Ensure timely collection and efficient storage of all risk data.
- Ensure the timely and accurate collection of GRC information in collaboration with other GRC Functions.
Risk & Incident Monitoring
- Oversee the overall process/ program to identify, assess, monitor, and treat NEOM-Wide key risks/ principal risks.
- Oversee the development of a consistent process to periodically aggregate exposures prevalent in risk and control registers (‘Bottom-Level Risks’). Ensure timely consolidation of Bottom-Level risk exposures to arrive at key pervasive themes.
- Oversee the development and implementation of processes to monitor risk treatment plans and ensure that delayed treatment plans are escalated promptly to relevant senior management.
- Oversee the development of Key Risk Indicators (‘KRIs’). Further, lead the development of KRI data collection, evaluation and reporting mechanisms (including escalations) to ensure effective periodic monitoring.
- Oversee the development and implementation of processes to identify Risk Incidents (i.e., materialized risks). Collaborate with other ERM Risk Teams to ensure that risk incidents are investigated, risk assessed, treated and reported.
- Oversee the development of risk quantification techniques across ERM risk domains and other NEOM Entities.
- Ensure that a comprehensive incident log/ database is maintained.
Collaboration
- Provide strategic and expert advice to the ED, other ERM Domain Leaders, and to broader stakeholder groups on Risk Governance and risk management processes.
- Oversee the implementation of initiatives that promote a strong risk culture across NEOM (including conducting periodic risk culture surveys/ studies, holistic risk management training programs etc.).
- Promote a strong culture of collaboration across the ERM Function.
- Identify the relevant emerging best practices in Risk Management and ensure their implementation in NEOM if appropriate.
- Assist NEOM’s engagement with external parties, including external auditors, appointed consultants, regulatory bodies, and other related parties (e.g., PIF, CEDA, etc.).
- Work with the other Risk Domain teams (i.e., Strategic and Financial Risks, Project Risks, and Operational & Technology Risks), providing input on risk exposures, control weaknesses, risk interdependencies, etc.
Culture and Values
- Embrace NEOM's culture and Values: https://www.neom.com/en-us/about
- Act with honesty and integrity by following best practices and upholding the robust standards and expectations set out in NEOM's Code of Conduct.
- Maintain fair, ethical and professional work practices in accordance with NEOM’s Values and Code of Conduct.
- Adhere to NEOM’s Policies, procedures, and controls to ensure compliance with rules.
EXPERIENCE & QUALIFICATIONS
Knowledge, Skills and Experience
- At least 12 years' experience in establishing and/or leading best-practice-aligned ERM/Risk Management functions.
- Experience in consulting and/ or complex multi-national organizations would be an advantage.
- Experience in the GCC region would be an advantage.
- Advanced knowledge of ERM and Internal Controls frameworks (e.g., COSO, ISO, COBIT) and other best practices.
- Expertise in risk domains (Finance, Strategy, Operational, Compliance, etc.), including experience of conducting risk reviews, control assessments, and enhancements.
- Knowledge of GRC and risk technology.
- Change leadership and organizing skills. A strong and organized personality.
- Self-confidence and the ability to communicate with others. Must be skillful at building collaborative relationships across NEOM and its Subsidiaries and across all lines of management.
- Ability to handle confidential and sensitive matters.
- Ability to communicate clearly and effectively in English, both orally and in writing. Knowledge of other languages is desirable.
- Expert skills in report-writing and presentation techniques.
Qualifications
- Minimum of a Bachelor's degree in Accounting, Business Administration, Economics, Engineering or similar from an accredited university. A postgraduate degree would be an advantage.
- Additional certifications from internationally recognized bodies would be an advantage (e.g., CA/CPA or equivalent, FRM, CIA, etc.).