GRC Lead

The GRC Lead is responsible for leading AlUla Club’s Cyber Security Governance, Risk, and Compliance program. This role ensures that policies, processes, and controls are strategically aligned with business objectives, comply with regulatory frameworks, and effectively mitigate risks. The GRC Lead will design and maintain governance structures, implement risk management frameworks, and oversee compliance initiatives to protect the Club’s digital assets, reputation, and operational integrity.

Responsibilities

• Develop and document governance processes for cyber initiatives, policies/standards, and contracts.
• Align governance processes with clear objectives, oversight mechanisms, and review cycles.
• Maintain and review RACI matrices for key processes.
• Drive continuous improvement in governance frameworks.
• Ensure measurable value delivery from governance activities.
• Design and implement an effective Cyber Security risk management process.
• Identify, analyze, and evaluate risks in line with organizational and regulatory requirements.
• Provide tailored risk reporting for executive, departmental, and operational audiences.
• Educate stakeholders on potential internal and external risk impacts.
• Maintain an up-to-date register of legal and regulatory compliance requirements (e.g., NCA, PDPL, PCI DSS).
• Conduct periodic assessments of control systems and recommend enhancements.
• Review cybersecurity procedures to identify vulnerabilities or recurring issues.
• Collaborate with departments to ensure policy compliance.
• Implement periodic procedural and process reviews.
• Coordinate with vendors according to defined plans.
• Engage with regulatory bodies (NCA, SDAIA) as needed to ensure compliance and alignment.

Requirements

• +4 Years of experience in cybersecurity governance, risk, and compliance.
• Strong knowledge of NCA and SDAIA regulations and relevant standards.
• Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field.
• At least one professional certification (CISSP, CISM, CISA).
• Proven leadership, communication, and stakeholder management skills.
• Experience in multi-platform OS (Windows, Linux, Unix) and application/database security.

Benefits

• Health Insurance Coverage
• Paid Leave
• Remote Work Opportunities (where applicable)
• Professional Development and Training