Lead-Information Security (GRC). Information Security & Risk. Egypt

Job no: 4642052
Work type: Permanent - Full Time
Location: Egypt
Categories: Various categories

Role Profile:
The GRC Lead – Privacy, Risk & Access Management will play a pivotal role in strengthening Alshaya Group’s governance, risk, and compliance posture with a core focus on data privacy, enterprise risk management, and identity & access governance. This role will also lead and support cross-functional security projects such as SSO integration and user access reviews, ensuring secure, compliant, and business-aligned identity practices across the enterprise.

The key performance areas below include, but are not limited to:

 Develop and implement privacy and data protection policies aligned with GDPR, KVKK, PDPL, and other regional regulations.
 Conduct DPIAs, PIAs, and privacy risk assessments to ensure responsible data handling.
 Manage enterprise risk through a structured Risk Management Framework and maintain the Enterprise Risk Register.
 Define and enforce IAM policies including RBAC, SoD, and user access reviews.
 Lead or support IAM initiatives such as SSO integrations, PAM implementations, and access certification campaigns.
 Align GRC and IAM practices with standards like ISO 27001, NIST, PCI DSS, and SOX.
 Facilitate internal and external audits, assessments, and third-party reviews.
 Oversee GRC tools and privacy platforms (e.g., Archer, OneTrust, ServiceNow GRC).
 Drive cross-functional projects including policy harmonization and audit remediation.
 Prepare executive-level reports and dashboards for governance and compliance oversight.
 Act as a liaison for privacy, risk, and IAM discussions across departments.
 Promote GRC awareness and training across the organization.

Knowledge:

 Strong understanding of global privacy regulations (e.g., GDPR, KVKK, PDPL) and data protection principles.
 In-depth knowledge of enterprise risk management frameworks and risk assessment methodologies.
 Familiarity with IAM concepts including RBAC, SoD, SSO, PAM, and identity lifecycle management.
 Experience with compliance standards such as ISO 27001, NIST, PCI DSS, and SOX.
 Proficiency in using GRC and privacy management tools (e.g., Archer, OneTrust, ServiceNow GRC).
 Ability to lead cross-functional projects and integrate GRC, IAM, and privacy workflows.
 Strong stakeholder engagement and communication skills for executive and cross-departmental collaboration.
 Analytical skills for conducting DPIAs, PIAs, and interpreting KRIs and audit findings.
 Knowledge of authentication protocols (e.g., SAML, OIDC) and identity governance best practices.
 Experience in managing DSARs, breach responses, and audit readiness activities.

Experience:
 5-7 years' experience in the information security domain.
 Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field. Master’s degree or MBA is a plus.
 CIPP/E, CIPM, or other IAPP certifications; CRISC, CISA, or ISO 27001 Lead Implementer; Identity and Access certifications such as Azure, Okta, or SailPoint; ITIL or PMP for project management is a plus.

Skills:
 Strong understanding of IAM principles, SSO protocols (SAML, OIDC), and identity lifecycle.
 Knowledge of privacy regulations and enterprise risk frameworks.
 Excellent stakeholder management, communication, and cross-functional collaboration skills.
 Proficient in GRC tools, privacy tools, and access management platforms.

Position Description

Advertised: Egypt Daylight Time
Application close:
