Cybersecurity GRC Manager

HALA is a leading fintech in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA empowers SMEs to start, run, and grow their businesses by providing cutting-edge financial and technological tools. HALA operates entities in UAE, Saudi Arabia and Egypt (including HALA Payments, HALA Cashier and HALA Logistics) and offers solutions that enable merchants to digitize their payments and manage sales and operations. Founded in 2017, HALA is licensed by the Saudi Arabian Central Bank and the Financial Services Regulatory Authority (FSRA) in Abu Dhabi Global Market.

The Cybersecurity Governance, Risk, and Compliance (GRC) Officer is responsible for developing, implementing, and continuously enhancing the organization’s cybersecurity governance framework and overall security strategy. The role ensures alignment with business objectives and regulatory mandates, oversees enterprise-wide risk management, manages compliance with national and industry regulations (including SAMA CSF and PCI DSS), and leads internal and external audits. The officer provides regular reporting to executive leadership and the Board, ensuring HALA maintains a strong, resilient, and compliant security posture across governance, risk, compliance, and assurance functions.

• Develop, implement, and continuously improve the Information Security Governance framework, policies, standards, and procedures.
• Lead the development and execution of the Cybersecurity Strategy in alignment with HALA’s business goals.
• Provide regular cybersecurity posture reports to the Board of Directors and executive management.
• Establish and manage a cybersecurity metrics and KPI program to measure program effectiveness and track progress.
• Oversee the information security budget and ensure effective allocation of resources.
• Design and manage a comprehensive enterprise-wide Cybersecurity Risk Management program.
• Conduct regular risk assessments and Business Impact Analyses (BIA) to identify, analyze, and evaluate information security risks.
• Facilitate risk treatment planning with business and technology owners, ensuring appropriate mitigation, acceptance, or transfer.
• Manage vendor risk, including assessing the security posture of third-party vendors, cloud providers, and payment partners.
• Integrate risk management requirements into SDLC and change management processes.
• Act as the primary point of contact and subject matter expert for regulatory cybersecurity examinations and audits (e.g., SAMA, CMA).
• Ensure continuous compliance with SAMA CSF, PCI DSS, and all relevant regulatory frameworks and standards.
• Manage regulatory licensing and certification requirements related to cybersecurity.
• Prepare and submit regulatory reports, evidence packages, questionnaires, and compliance documentation in a timely manner.
• Monitor and interpret regulatory changes and proactively advise the business on required updates.
• Manage all internal and external cybersecurity audits, including coordination, evidence collection, and follow-up.
• Develop and maintain a robust control testing and assurance program to validate the effectiveness of security controls.
• Oversee the remediation of all audit and assessment findings, ensuring they are resolved permanently.

• We have an inclusive and diverse culture that encourages innovation and flexibility in remote, in-office, and hybrid work setups.
• We offer highly competitive compensation packages, including the potential for shares.
• We prioritize personal development and offer regular training and an annual learning stipend to tackle new challenges and grow your career in a hyper-growth environment.
• Join a talented team of over 30 nationalities working in 7 countries and gain valuable experience in an exciting industry.
• We offer autonomy, mentoring, and challenging goals that create incredible opportunities for both you and the company.
• You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best.

If you think you have what it takes to join a remarkable team #apply_now