Overview

Compliance Manager Jobs in Jeddah, Makkah, Saudi Arabia at Acuative Middle East

Title: Compliance Manager

Company: Acuative Middle East

Location: Jeddah, Makkah, Saudi Arabia

Job Summary

The Governance, Risk & Compliance (GRC) Lead is responsible for leading the organization's cybersecurity governance, risk management, and compliance program. The role ensures the effective implementation, monitoring, and continuous improvement of security governance practices while maintaining compliance with applicable regulatory and industry frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC), NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and ICAO Cybersecurity Standards.

The GRC Lead serves as the primary advisor on cybersecurity governance and regulatory compliance, working closely with executive leadership, business units, auditors, and technology teams to establish effective security controls, manage cyber risk, oversee audit readiness, and drive continuous compliance.

Key Responsibilities

Governance & Security Frameworks

  • Lead the organization's Cybersecurity Governance Program.
  • Develop, implement, and maintain the Information Security Management System (ISMS).
  • Ensure compliance with:
      • NCA Essential Cybersecurity Controls (ECC)
      • NIST Cybersecurity Framework (CSF)
      • NIST SP 800-53
      • ISO/IEC 27001 and ISO/IEC 27002
      • ICAO Cybersecurity Standards (where applicable)
  • Develop and maintain cybersecurity policies, standards, procedures, and governance documentation.
  • Lead governance committees and coordinate Security Steering Committee meetings.
  • Conduct cybersecurity maturity assessments and develop improvement plans.
  • Ensure governance processes align with business objectives and regulatory obligations.

Risk Management

  • Lead the enterprise cybersecurity risk management program.
  • Maintain the enterprise cybersecurity risk register.
  • Conduct cyber risk assessments and facilitate business risk workshops.
  • Review and approve risk treatment plans and risk acceptance requests.
  • Monitor remediation activities and ensure timely closure of identified risks.
  • Develop and report Key Risk Indicators (KRIs).
  • Provide executive reporting on the organization's cyber risk posture.

Compliance & Assurance

  • Lead internal and external cybersecurity audits.
  • Coordinate compliance assessments against NCA ECC, NIST, ISO/IEC 27001, and ICAO requirements.
  • Oversee security control assessments and compliance reviews.
  • Coordinate evidence collection and maintain audit readiness.
  • Track audit findings and corrective actions through closure.
  • Support third-party risk assessments and supplier security reviews.

Policies & Standards

  • Develop and maintain information security policies, standards, procedures, and guidelines.
  • Manage policy review and approval cycles.
  • Review security exceptions and compensating controls.
  • Promote governance awareness across the organization.
  • Ensure documentation remains current and aligned with regulatory requirements.

Reporting & Metrics

  • Develop executive dashboards and governance reports.
  • Report cybersecurity KPIs and KRIs.
  • Present governance, compliance, and risk reports to executive management.
  • Report on:
      • Compliance status
      • Audit findings
      • Enterprise risk
      • Security maturity
      • Control effectiveness
      • Remediation progress

Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Security, Information Technology, Risk Management, Business Administration, or a related field.
  • Minimum 7 years of experience in Governance, Risk & Compliance (GRC), Information Security, Audit, or Cybersecurity.
  • Minimum 3 years in a leadership or senior GRC role.
  • Proven experience implementing and managing enterprise GRC programs.
  • Hands-on experience with cybersecurity risk assessments and risk register management.
  • Experience leading internal and external audits.
  • Strong knowledge of cybersecurity governance frameworks and regulatory compliance.

Required Technical Skills

Governance & Risk

  • Cybersecurity Governance
  • Enterprise Risk Management
  • Risk Register Management
  • Security Control Assessments
  • Compliance Assessments
  • Audit Management
  • Policy & Standards Development
  • Third-Party Risk Management
  • Information Security Management Systems (ISMS)

Frameworks

  • National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC)
  • NIST Cybersecurity Framework (CSF)
  • NIST SP 800-53
  • ISO/IEC 27001
  • ISO/IEC 27002
  • ISO 31000 Risk Management

Reporting & Tools

  • Microsoft Excel (Advanced)
  • Microsoft Power BI
  • Microsoft Office Suite
  • Experience preparing executive dashboards and governance reports

Preferred Qualifications

  • Experience working in government, aviation, telecommunications, financial services, or other highly regulated industries.
  • Experience supporting ICAO cybersecurity compliance or aviation regulatory environments.
  • Experience implementing or administering GRC platforms such as ServiceNow GRC, RSA Archer, OneTrust, MetricStream, or AuditBoard.
  • Experience leading ISO/IEC 27001 certification or surveillance audits.
  • Experience managing third-party security assessments and supplier risk programs.
  • Familiarity with COBIT and CIS Critical Security Controls.

Preferred Certifications

  • CISSP – Certified Information Systems Security Professional
  • CRISC – Certified in Risk and Information Systems Control
  • CISA – Certified Information Systems Auditor
  • CGRC – Certified in Governance, Risk and Compliance (ISC²)
  • ISO/IEC 27001 Lead Implementer
  • ISO/IEC 27001 Lead Auditor
  • COBIT Foundation
