img
Contract TypeFull-time
Workplace typeOn-site
LocationRiyadh

Job Description

About the Role

NextEra is seeking a Senior Compliance Manager to lead and manage cybersecurity governance, risk, and compliance (GRC) initiatives across its Middle East and European operations. This full-time position is based in Riyadh, Saudi Arabia, and requires over 10 years of experience in the field. The successful candidate will possess strong expertise in cybersecurity regulations, information security standards, audit management, and compliance frameworks, driving cyber resilience and regulatory adherence throughout the organization.

This role is responsible for ensuring compliance with regional and international cyber regulations, operationalizing cybersecurity governance programs, managing control remediation activities, and supporting security requirements for strategic business initiatives and customer engagements.

Cyber Governance and Regulatory Adherence

The Senior Compliance Manager will oversee and ensure the organization's adherence to critical cybersecurity regulations and standards. Responsibilities include:

  • Ensuring compliance with cybersecurity regulations applicable across the Middle East and European regions.
  • Managing and maintaining compliance with standards including ISO 27001, ISO/IEC 27701, GDPR, and the Saudi Personal Data Protection Law (PDPL).
  • Monitoring evolving cyber regulatory requirements and ensuring timely implementation of compliance controls.
  • Driving cybersecurity governance programs and compliance reporting across multiple business units.

Audit and Risk Management

This role involves comprehensive management of cybersecurity audits and risk mitigation strategies:

  • Planning, coordinating, and executing internal cybersecurity audits and compliance assessments.
  • Identifying compliance gaps, risks, and control deficiencies, and developing remediation plans.
  • Tracking remediation activities and collaborating with stakeholders to ensure timely closure of findings.
  • Facilitating external audits, certification audits, and regulatory reviews.

GRC Program Management and Control Effectiveness

The manager will operationalize and enhance the enterprise GRC framework and ensure the effectiveness of security controls:

  • Operationalizing and managing enterprise Governance, Risk & Compliance (GRC) initiatives.
  • Establishing governance frameworks, policies, procedures, and controls aligned with industry standards.
  • Supporting risk assessments, control evaluations, and compliance monitoring activities.
  • Driving continuous improvements in governance processes and compliance monitoring mechanisms.
  • Maintaining oversight on emerging cyber threats and regulatory developments impacting business operations.
  • Working closely with cybersecurity operations teams to ensure effectiveness of security controls.
  • Guiding teams on implementing preventive, detective, and corrective controls.
  • Supporting compliance requirements associated with EDR, DLP, SIEM, SOC, PIM, IRM, and related security technologies.

Business Engagement and Continuous Improvement

This role also involves supporting business functions and driving innovation in compliance processes:

  • Supporting cybersecurity requirements for customer RFPs, bids, and contractual compliance obligations.
  • Acting as a trusted advisor for projects requiring regulatory and compliance guidance.
  • Engaging with senior stakeholders and business leaders on governance and compliance matters.
  • Promoting cybersecurity awareness and a compliance culture across the organization.
  • Evaluating and implementing automation opportunities within audit, compliance, and GRC processes.
  • Leveraging technology solutions to enhance compliance monitoring and reporting capabilities.
  • Developing dashboards, KPIs, and executive reporting metrics to measure compliance effectiveness.

Candidate Profile

The ideal candidate will demonstrate the following qualifications and attributes:

  • Extensive experience working in large enterprises, consulting organizations, or regulated industries.
  • Deep understanding of cybersecurity governance within Middle East markets.
  • Exposure to regulatory compliance across multinational organizations.
  • Ability to manage multiple compliance initiatives simultaneously while maintaining operational excellence.

Requirements

  • Requires +10 Years experience

Similar Jobs