BCM & IT Risk Manager

HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA aims at empowering SMEs to start, run, and grow their businesses by providing them with cutting-edge financial and technological tools.

HALA currently holds multiple entities in UAE, Saudi Arabia and Egypt (including HALA Payments, HALA Cashier and HALA Logistics) and offers solutions that enable merchants to digitize their payments as well as manage their sales and operations.

Founded in 2017, HALA is currently duly licensed by the Saudi Arabian Central Bank as well as the Financials Services Regulatory Authority (FSRA) in Abu Dhabi Global Market.

Position Overview:

A seasoned professional to maintain and enhance a Business Continuity Management (BCM) and IT Risk Management program in alignment with the SAMA BCM Framework and SAMA Cybersecurity Framework. The role ensures organizational resilience, regulatory compliance, and operational stability across critical fintech services.

Key Responsibilities

Governance & Regulatory Alignment:
• Develop and maintain the BCM Policy and Framework in compliance with the SAMA BCM Framework and related circulars.
• Ensure clear BCM governance structure, roles, and responsibilities across the organization.
• Report regularly to senior management, the Board Risk Committee, and SAMA on BCM and IT risk posture.
• Oversee regulatory inspections, audits, and provide evidence of BCM program maturity.

Business Continuity Management (SAMA-Aligned)

•Conduct BCM-Risk Assessment (RA) to identifies critical threats to business processes and services.
•Conduct Business Impact Analysis (BIA) to identify critical functions, Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), and Recovery Point Objective (RPO).
• Develop and maintain Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs) for critical business services.
• Ensure recovery strategies and alternate site arrangements are tested and documented.
• Lead regular BCM testing, including scenario-based crisis simulations and annual DR site tests as required by SAMA.
• Integrate BCM requirements into third-party vendor management and ensure outsourcing risks are assessed.
• Ensure BCM awareness training for employees and continuous improvement culture.

IT Risk & Cyber Resilience
• Develop and maintain an IT Risk Management Framework aligned with SAMA Cybersecurity Framework and ISO 27005.
• Identify, assess, and mitigate risks related to IT infrastructure, fintech platforms, digital payments, and cloud environments.
• Maintain IT risk registers, KRIs, and dashboards, reporting material risks to executive management and the Board.
• Support regulatory compliance for PCI-DSS, GDPR, ISO 27001, and NCA cybersecurity mandates.
• Evaluate third-party providers and cloud services for IT risk and resilience requirements.
• Ensure alignment between BCM, IT Disaster Recovery, and Cybersecurity incident response plans.

Monitoring & Reporting
• Provide periodic updates to the BCM Steering Committee, Executive Management, and the Board.
• Prepare and submit BCM/IT risk reports as mandated by SAMA supervisory requirements.
• Track, escalate, and remediate weaknesses identified in drills, audits, or regulatory reviews.

Qualifications
• Bachelor’s degree in risk management, Business Continuity, Information Security, or IT.
• Professional certifications (preferred):
• BCM: ISO 22301 Lead Implementer, CBCP, or MBCI.
• Risk & Security: CRISC, CISM, CISSP, ISO 27001 Lead Implementer.
• 7–10 years of experience in BCM, IT risk, or operational resilience, preferably in fintech, payments, or banking.
• Deep knowledge of SAMA BCM Framework, SAMA Cybersecurity Framework, and local regulatory requirements (CMA, NCA).
• Strong communication and leadership skills to engage regulators, senior executives, and crisis teams.

Key Competencies
• Regulatory expertise in SAMA BCM Framework and fintech resilience standards.
• Strong analytical, problem-solving, and governance skills.
• Ability to lead crisis management and incident response under pressure.
• Balance between business agility and regulatory compliance.

What We Offer You
We believe you will love working at HALA!

• We have an inclusive and diverse culture that encourages innovation and flexibility in remote, in-office, and hybrid work setups.
• We offer highly competitive compensation packages, including the potential for shares.
• We prioritize personal development and offer regular training and an annual learning stipend to tackle new challenges and grow your career in a hyper-growth environment.
• Join a talented team of over 30 nationalities working in 7 countries and gain valuable experience in an exciting industry.
• We offer autonomy, mentoring, and challenging goals that create incredible opportunities for both you and the company.
• You will be given a lot of responsibility and trust.We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best.

Create a Job Alert

Interested in building your career at HALA? Get future opportunities sent straight to your email.

*

indicates a required field

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

What is your current salary? *

What is your expected salary? *

Are you Saudi? * Select...

What is your nationality? * Select...

What is your notice period? * Select...

Are you living in Riyadh? * Select...

Have you held any leadership positions?If yes, kindly, describe *

Do you have +4 years experience in this field * Select...

Do you have experience in IT risk management, business continuity planning, disaster recovery, or similar roles within fintech, financial services, or regulated environments ? Select...

Do you have a strong understanding of risk management frameworks, IT security standards, and BCM methodologies (ISO 22301, ISO 27001) ? Select...

Do you have hands-on experience in conducting risk assessments, Business Impact Analyses (BIA), and drafting continuity and recovery plans? Select...

Are you familiar with cybersecurity principles, cloud infrastructure, data backup solutions, and incident management ? Select...