Job Description

COMPANY OVERVIEW



NEOM is an accelerator of human progress and a vision of what a new future might look like. A region in northwest Saudi Arabia on the Red Sea, NEOM is being built from the ground up to include hyperconnected, cognitive cities, ports, next-generation infrastructure and industries, enterprise zones, research centers, sports and entertainment venues and tourist destinations.


As a destination, it will be a home for people who dream big and want to be part of building a new model for exceptional livability, creating thriving businesses and reinventing environmental conservation.


As a workplace, it is a place for people who share our core values of care, curiosity, diversity, passion, respect, and becoming a catalyst for change.


Are you ready to help NEOM find solutions to the world’s most pressing challenges? Are you prepared to create a lasting legacy that benefits generations to come? Then we want to hear from you!



ROLE OVERVIEW



The Head of GRC, in an entity currently under incorporation within NEOM, oversees and manages the organization's Governance, Risk, and Compliance program. This role involves developing and implementing policies, procedures, and controls to ensure compliance with regulatory requirements, mitigate risks, and protect the organization’s data and information systems. They will integrate, connect and deliver work streams across the GRC and Business Continuity functions within the organization. The entity has a large mandate in technology development, as well as business operations.


The Head of GRC is expected to guide and advise the staff on corporate compliance matters. They are also accountable for reviewing the company’s current compliance with existing and new regulations, identifying deficiencies, and providing the necessary mitigations.


This role is tasked with assessing and mitigating significant competitive, regulatory, and technological threats to an enterprise's capital and earnings.


The Head of GRC’s primary role will be to establish best-in-class Security, Risk & Privacy programs and policies that will safeguard the company and its partners.


The role will suit a highly organized and driven individual to support the organization in managing strategic GRC initiatives as well as aspects of day-to-day operations. The ideal candidate will be a versatile problem-solver with exceptional communication skills, capable of handling a wide range of responsibilities in a fast-paced environment.



REQUIREMENTS SUMMARY


  • Leadership in GRC: Oversee the Governance, Risk, and Compliance program, developing and implementing policies and controls to ensure regulatory compliance and risk mitigation.
  • Strategic Framework Development: Establish a comprehensive GRC framework aligned with organizational goals, serving as the primary contact for audits and regulatory inquiries.
  • Risk and Compliance Management: Conduct risk assessments, maintain a risk register, and ensure compliance with data privacy and cybersecurity standards while implementing training programs for staff.
  • Data Privacy and Cybersecurity: Develop data privacy policies and oversee cybersecurity measures to protect information systems, responding effectively to incidents.
  • Experience and Qualifications: Minimum of 10 years in GRC roles, strong analytical and leadership skills, and a relevant degree (preferably with certifications in information security or risk management).

ROLE COMPETENCIES & ACTIVITIES


The Head of GRC responsibilities will include, but not be limited to:


Strategic role


  • Responsible for ensuring that the organization is compliant with relevant regulations and standards, managing risk, and ensuring that the company’s governance policies are in line with best practices.
  • Establish and implement a comprehensive GRC framework that aligns with the organization’s overall business strategy.
  • Serve as the primary point of contact for IT inquiries from internal and external auditors, regulators, and clients to maximize system efficiency.
  • Handle delicate compliance issues with various regulatory bodies whose decisions may influence the course of our business practices.
  • Advise and support Senior management on institutional governance principles for the implementation of the governance programs and effective risk management frameworks.
  • Perform miscellaneous job-related duties as assigned.

Governance


  • Develop and implement policies, procedures, and controls that ensure the company’s compliance with laws, regulations, and industry standards.
  • Ensure that the organization's governance policies are in line with best practices.
  • Provide guidance and support to senior management on governance-related matters.
  • IT Governance

Enterprise Architecture


  • Responsible for ensuring that the IT infrastructure is aligned with the entity’s goals and objectives and providing technical guidance and expertise to all stakeholders.
  • Responsible for defining enterprise-wide architecture, planning for and directing large-scale integration efforts, and setting technology environment standards and guidelines.
  • Envisioning, leading, and guiding the development of overall solution architecture compliance with IT transformation.
  • Responsible for ensuring that the entity’s business strategy achieves its goals through the proper architecture of its technology systems. Duties include regulating the technology environment, increasing flexibility and reducing costs.
  • Design, coordinate and manage the organization’s architecture models to help it perform more effectively and enhance the technology processes.
  • Establishing and maintaining the link between the implementation of the architecture, the architectural strategy and objectives embodied in the enterprise architecture, and the strategic objectives of the entity.
  • Providing a fundamental control mechanism for ensuring the effective implementation of the architecture.
  • Establishing architecture principles, leading digital transformation, developing enterprise frameworks, decommissioning or transforming legacy applications, data migration, security, privacy, etc.
  • Advise on enterprise architecture landscape, including technology, information, data, security, and integration.

Compliance


  • Develop, review, and maintain the organization’s register of compliance requirements.
  • Ensure compliance with relevant laws, regulations, and industry data privacy and cybersecurity standards.
  • Oversee the development and implementation of compliance training programs for employees.
  • Monitor and report on compliance activities and incidents to senior management and regulatory bodies.
  • Keep abreast of regulatory developments to ensure a proactive compliance culture.
  • Collaborate with key stakeholders to review projects, business-critical systems, and related data to ensure compliance with data privacy laws, and if necessary, perform and advise on privacy impact assessments.
  • Monitor all operational processes and procedures using a compliance management platform to ensure that the company complies with all legal regulations and ethical standards.
  • Conduct proactive risk-based compliance reviews/checks across the organization.
  • Develop and execute a proactive compliance training and awareness program across the organization.
  • Monitor and proactively support NEOM-mandated GRC training.

Data Privacy


  • Develop and implement data privacy policies and procedures to protect personal and sensitive information.

Job Details

Job Location: Saudi Arabia
Company Industry: Other Business Support Services
Company Type: Unspecified
Employment Type: Unspecified
Monthly Salary Range: Unspecified
Number of Vacancies: Unspecified
