Director of Governance, Risk, and Compliance

Do you want to love what you do at work? Do you want to make a difference, an impact, and transform peoples lives? Do you want to work with a team that believes in disrupting the normal, boring, and average?

If yes, then this is the job you are looking for , webook.com is Saudi’s #1 event ticketing and experience booking platform in terms of technology, features, agility, revenue serving some of the largest mega events in the Kingdom surpassing over 2 billion in sales.  

Role Overview:
The Director of Governance, Risk & Compliance will establish and lead webook.com's GRC function, building the frameworks, processes, and culture needed to manage risk and ensure compliance across our operating markets.

This is a foundational role for the company. The successful candidate will be responsible for designing, implementing, and embedding the governance, risk, compliance, policy, and internal control frameworks needed to support webook.com’s continued growth, international expansion, and transition into a more structured corporate environment.

The role requires someone who is both highly experienced and highly hands-on. The right candidate must be comfortable operating as an individual contributor: drafting policies, building risk registers, preparing board materials, setting up controls, running compliance reviews, and working directly with teams to close gaps. Over time, the Director will build and lead the GRC function as the business scales.

Key Responsibilities:

Governance Framework & Board Support

• Design and implement webook.com’s enterprise governance framework, including policies, approval authorities, decision-making protocols, committees, reporting cadences, and escalation paths.
• Support the company’s transition from founder-led/startup-style operations to a more structured governance model without slowing down execution unnecessarily.
• Establish clear accountability structures across departments, markets, and leadership forums.
• Develop and maintain a company-wide policy framework and policy library covering key operational, financial, legal, technology, data, people, and regulatory areas.
• Support board governance requirements by preparing clear, structured reporting on key risks, compliance matters, governance gaps, and mitigation plans.
• Work with executive leadership to ensure board decisions, actions, and follow-ups are tracked and implemented.
• Help establish governance routines such as risk committees, compliance reviews, policy approval processes, and management reporting cycles.

Enterprise Risk Management

• Build and own the company’s Enterprise Risk Management framework from scratch.
• Develop and maintain the enterprise risk register, including strategic, operational, financial, regulatory, technology, cyber, third-party, reputational, and market-specific risks.
• Define risk assessment methodologies, scoring criteria, risk ownership, risk appetite, escalation thresholds, and mitigation planning processes.
• Partner with business leaders to identify, assess, prioritize, and manage risks across functions and geographies.
• Embed risk management into business planning, international expansion, product launches, vendor selection, major commercial deals, and operational decision-making.
• Provide regular risk reporting to executive leadership and the Board, including key risk indicators, emerging risks, mitigation progress, and areas requiring attention.
• Ensure risk management is practical, business-focused, and suitable for a fast-moving growth environment.

Compliance

• Establish and manage the company’s compliance framework across all operating markets, and future international markets.
• Identify applicable laws, regulations, licensing requirements, contractual obligations, and internal policies relevant to the business.
• Monitor regulatory developments and assess their impact on webook.com’s operations, platform, commercial activities, data practices, and international expansion.
• Lead compliance gap assessments and develop practical remediation plans.
• Create compliance calendars, checklists, registers, and reporting mechanisms to ensure obligations are tracked and met.
• Partner with Legal, Finance, People, Product, Engineering, Commercial, and Operations teams to ensure compliance requirements are understood and implemented.
• Manage relationships with external advisors, regulators, auditors, and consultants where required.
• Ensure compliance is embedded into everyday operations rather than treated as a separate administrative exercise.

Internal Controls, Policies & Audit Readiness

• Design and implement practical internal controls across key business areas, including finance, procurement, contracting, approvals, vendor management, data protection, information security governance, and operational processes.
• Develop clear policy ownership, review cycles, approval workflows, and communication processes.
• Establish procedures for monitoring control effectiveness and tracking remediation actions.
• Prepare the company for internal audits, external audits, investor due diligence, regulatory reviews, and board-level governance reviews.
• Work with Finance, Legal, Operations, and Technology to ensure appropriate documentation, evidence, and control records are maintained.
• Identify control gaps and work with teams to implement solutions that are pragmatic, scalable, and appropriate for the company’s stage of growth.

Technology, Data & Platform Compliance

• Oversee data privacy and protection compliance (PDPL, GDPR, and equivalent regulations)
• Partner with Product and Engineering to ensure platform features meet regulatory requirements
• Lead information security governance in coordination with the technology team

Team Building & Leadership

• Build and lead the GRC team from the ground up
• Act as the internal subject matter expert on all governance, risk, and compliance matters
• Foster a culture of integrity, accountability, and risk awareness across the organization

Reporting & Executive Engagement

• Provide regular GRC updates and risk reports to executive leadership
• Prepare board-level reporting on key risks, compliance posture, and governance health
• Develop dashboards and metrics to track GRC performance

• 10+ years of experience in governance, risk, compliance, or a related field
• Demonstrated experience building or significantly scaling a GRC function
• Strong knowledge of regulatory frameworks relevant to tech platforms, marketplaces, or e-commerce
• Familiarity with data privacy regulations, including PDPL and GDPR
• Experience operating across multiple markets, ideally within the MENA region
• Excellent stakeholder management and executive communication skills
• Relevant certifications are a plus (e.g. CISA, CRISC, CISM, ICA)
• Comfortable with ambiguity and able to move fast in a high-growth environment