Company Description
Innovative Solutions (IS) is a leading pure-play Cybersecurity company in the GCC, established in 2003 and headquartered in Riyadh, with a presence in Al Khobar, Jeddah, Dubai, and Abu Dhabi. Our Cybersecurity Solutions and Services encompass Advisory Services, Technical Assurance, Solution Deployment, Professional Services, and Managed Security Services.
At Innovative Solutions, we are dedicated to our mission to “Bring Trust to Cyberspace” to ensure “Your Business, Secured.”
Role Description
The GRC Team Lead will be responsible for managing a team of Governance, Risk, and Compliance (GRC) specialists, ensuring the effective execution of GRC initiatives, and promoting a culture of compliance and risk awareness within the organization. You will oversee the assessment, design, and implementation of the GRC framework, aligning it with regulatory requirements and best practices.
Responsibilities
- Lead GRC framework design & implementation.
- Ensure compliance with national/international standards.
- Drive enterprise risk management.
- Advise senior management on compliance posture.
- Mentor GRC consultants and liaise with regulators.
- Develop and maintain the organization's GRC framework and strategy.
- Conduct and oversee risk assessments and compliance audits to identify areas for improvement.
- Ensure alignment with relevant laws, regulations, and standards such as NIST, ISO 27001, PCI DSS, and applicable local regulations.
- Collaborate with cross-functional teams to implement and enforce cybersecurity policies and procedures.
- Monitor and report on the organization’s risk profile and compliance status to senior management.
- Stay updated with the latest trends in governance, risk, and compliance within the cybersecurity landscape.
- Create and conduct training sessions and awareness programs.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.
- Minimum of 6 years of experience in cybersecurity, with a leadership role focused on governance, risk management, and compliance.
- In-depth knowledge of cybersecurity frameworks, compliance requirements, and industry best practices.
- Knowledge of Saudi regulations (NCA, SAMA, CITC, NDMO).
- Proven experience in conducting risk assessments, compliance audits, and developing GRC strategies.
- Relevant certifications such as CISM, CISSP, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.