Ref: OP758-1514

Job description / Role

Employment: Full Time

Job Description

  • Responsible for overseeing and leading the governance, risk management, and compliance functions within Giza Systems Group of companies. This role ensures that the company adheres to legal, regulatory, and ethical standards while effectively managing risks and implementing governance best practices.
  • Develop and implement governance frameworks that ensure accountability and transparency in decision-making processes.
  • Oversee the development, implementation, and maintenance of the organization's authority matrix and delegation of authority (DOA) framework.
  • Monitor compliance with governance policies, identify gaps, and recommend improvements.
  • Ensure effective communication and enforcement of governance principles across the organization.
  • Work closely with senior management and the board affairs to provide regular updates on governance issues and advise on corporate governance best practices.
  • Oversee the development and implementation of governance policies and conduct governance reviews to ensure compliance and fitness to organizational context.
  • Define and update the organization's strategic authority matrix and promote awareness of it throughout the organization.
  • Report on governance-related activities and performance metrics to relevant stakeholders via an established governance venue.
  • Develop and monitor risk management strategies and mitigation plans to reduce the likelihood and impact of risks.
  • Develop and implement a comprehensive risk management strategy, identifying and mitigating potential risks across the organization (e.g., financial, operational, and reputational risks).
  • Oversee the implementation of risk management processes across all departments.
  • Ensure that risk management policies align with industry standards and regulatory requirements.
  • Conduct comprehensive risk assessments of administrative controls, and report and consult on risk mitigations in accordance with the Giza Systems risk management framework.
  • Manage and execute system assessments, risk assessments, or vulnerability assessments, including the resolution of discovered issues and the development of Plan of Action and Milestones (POAM) documentation.
  • Develop specific plans to mitigate risks according to the risk level.
  • Develop and maintain the organization's risk appetite statement.
  • Implement and oversee Internal Control Reviews (ICR) to evaluate and improve the effectiveness of internal controls.
  • Promote a culture of risk awareness throughout the organization by providing ongoing training and awareness for employees.
  • Develop and implement a comprehensive anti-fraud and anti-corruption program, including policies, procedures, training, and awareness initiatives, to mitigate fraud and corruption risks across the organization.
  • Ensure the organization's compliance with relevant laws, regulations, and standards.
  • Prepare an annual compliance universe and calendar to manage the program based on the organization's priorities.
  • Design and implement compliance programs to prevent violations and manage regulatory risks.
  • Conduct regular audits and assessments to monitor adherence to compliance policies.
  • Collaborate with legal and internal audit teams to address potential compliance issues.
  • Establish a mechanism for receiving, tracking, recording, investigating, and responding to all issues concerning company policies and practices.
  • Investigate and resolve compliance issues, gaps, and incidents.
  • Oversee the development and maintenance of internal policies to ensure continuous compliance.
  • Stay updated on changing regulations and advise the organization on necessary adjustments.
  • Develop, implement, and maintain a business continuity management policy, strategies, and processes that are aligned with corporate objectives.
  • Develop and maintain the Disaster Recovery and Business Continuity plan, including procedures for testing and exercising the plan (TTX).
  • Support management in identifying and assessing business continuity risks across the organization, maintaining risk registers, and identifying appropriate treatment plans.
  • Determine critical assets, identify potential threats and vulnerabilities, and assess the potential business impact of disruptions.
  • Plan an effective response, identify roles and responsibilities, and ensure effective communication throughout the organization.
  • Conduct regular training and awareness programs to ensure that employees understand their roles and responsibilities in business continuity situations.
  • Lead the GRC team, providing direction and support to ensure effective performance.
  • Develop the organization's GRC strategy, aligning it with the broader business goals.
  • Report regularly to the executive team and board on GRC performance and initiatives.
  • Promote a culture of compliance, risk awareness, and ethical behavior across the organization.
  • Provide training and guidance to employees on governance, risk, and compliance matters.
  • Serve as a liaison between the organization and regulatory bodies, ensuring open communication and timely reporting.
  • Promote awareness of company policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.
  • Stay updated on how company standards, practices, and procedures are used while developing and managing services.
  • Review, conduct, or perform audits and reviews of company programs and projects.
  • Prepare and present regular reports to senior management and the board of directors.
  • Collaborate with various departments to integrate GRC practices into business operations.

Personal Skills

  • B.Sc. in business administration, law, finance, or a related field.
  • Master's in business administration, law, finance, or a related field (advanced degree preferred).
  • 15 years of experience in relevant field.
  • 12 years of experience (in case of a Master's degree holder).
  • Excellent leadership and communication skills.
  • Ability to analyze complex data, identify risks, and make informed decisions.
  • Excellent communication and interpersonal skills.
  • Proven ability to lead and motivate a team.
  • Strong organizational and project management skills.
  • Excellent analytical, problem-solving, and decision-making skills.

Technical Skills

  • Extensive experience in governance, risk management, and compliance roles.
  • Strong awareness of working in the Saudi market and regulatory environment.
  • Past experience in technology companies or system integrators is a plus.
  • Strong knowledge of relevant legal and regulatory requirements.
  • Certifications such as Certified Risk and Compliance Management Professional (CRCMP) or Certified Information Systems Auditor (CISA) may be preferred.
  • CIA certification is a plus.
  • Cybersecurity experience / certification is a plus.
  • In-depth knowledge of regulatory requirements and industry standards.
  • Strategic thinking.
  • Leadership.
  • Risk management.
  • Regulatory compliance.
  • Ethical judgment.
  • Communication.
  • Analytical skills.
  • Project management.

About the Company

Giza Systems, a leading systems integrator in the MEA region, designs and deploys industry-specific technology solutions for asset-intensive industries such as telecoms, utilities, oil and gas, hospitality, and real estate, among other market sectors. We help our clients streamline their operations and businesses through our portfolio of solutions, managed services, and consultancy practice. Our team of 1000 professionals is spread throughout the region with anchor offices in Cairo, Riyadh, Dubai, Doha, Nairobi, Dar-es-Salaam, Abuja, Kampala and New Jersey, allowing us to service an ever-increasing client base in over 40 countries.