Ninja

IT GRC Manager

Posted Yesterday

Be an Early Applicant

Riyadh, SAU

In-Office

Senior level

eCommerce • Food • Logistics • Retail

The Role

Lead IT governance, risk, and compliance for a multi-site organization: perform regulatory and IPO gap assessments, manage IT controls and risk register, oversee audits and remediation, coordinate with CIO/CISO and auditors, and ensure vendor and cloud compliance.

Summary Generated by Built In

Welcome to Ninja, where we believe that we are shaping the future. At Ninja, we are passionate about creating user-friendly and visually stunning web applications that push the boundaries in design and innovation. We are looking for an experienced IT GRC Manager to enhance our Governance, Risk, and Compliance framework.

Key Responsibilities

IPO & Regulatory Compliance: Lead IT compliance gap assessments against Saudi NCA ECC, PDPL, and CMA standards. Maintain IT controls evidence for IPO audits and collaborate with auditors, legal, and finance teams to ensure compliance and timely gap closure.
Governance & Policy: Enforce IT policies across 150+ locations, manage IT risk register, and coordinate governance reviews with CIO and CISO to align policies with security and business goals.
Risk Management: Conduct annual and ad-hoc IT risk assessments, set risk appetites, monitor vendor risks, and implement mitigation strategies to safeguard IT assets.
Audit & Assurance: Oversee IT audits, prepare evidence, track findings, ensure timely remediation, and report progress to the CIO.

Requirements

5+ years in IT GRC, audit, or security compliance, with preferred experience in IPO, M&A, or regulatory listings.
Strong knowledge of Saudi NCA ECC and PDPL compliance.
Experience with cloud platforms (AWS, GCP) from a controls and compliance perspective.
Skilled in managing IT governance across multi-site or multi-country environments.
Certifications such as CISA (preferred), CRISC, or ISO 27001 Lead Auditor/Implementer required.
Familiar with frameworks including ISO 27001, NIST CSF, COBIT, and SOC 2.
Excellent report-writing skills and fluency in Arabic and English.

Certifications (minimum of one required):

CISA — preferred
CRISC
ISO 27001 Lead Auditor or Implementer

Skills:

In-depth understanding of ISO 27001, NIST CSF, COBIT, and SOC 2 frameworks
Capability to convert regulatory requirements into effective IT controls
Exceptional written communication skills — reports will be submitted to the CIO, CISO, and Board members
Fluency in both Arabic and English is mandatory

Skills Required

5+ years in IT GRC, audit, or security compliance
Experience in IPO, M&A, or regulatory listings
Strong knowledge of Saudi NCA ECC and PDPL compliance
Experience with cloud platforms (AWS, GCP) from a controls and compliance perspective
Skilled in managing IT governance across multi-site or multi-country environments
CRISC certification
ISO 27001 Lead Auditor or Implementer certification
CISA certification
Familiarity with ISO 27001, NIST CSF, COBIT, and SOC 2 frameworks
Excellent report-writing skills
Fluency in Arabic and English

View all jobs at Ninja

View Ninja Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

0 Employees

Year Founded: 2022

What We Do

Ninja is an online supermarket and delivery platform founded in 2022 in Riyadh, Saudi Arabia. It provides a wide range of products, including groceries, beauty, and household essentials, delivered in under 30 minutes through a network of dark stores. The company operates across Saudi Arabia and has expanded its services to other GCC countries, focusing on speed, reliability, and convenience for its customers.