Tamheer - Specialist of Compliance

This role is conducted within the vision, mission, and strategic plan of the Insurance Authority Tasked with safeguarding the organization’s license to operate, the Specialist of Compliance executes disciplined, daily cybersecurity governance that evidences conformity with national regulations, global standards, and internal policies Reporting to the Manager of Compliance, this role will sustain an audit-ready control environment by curating precise documentation, orchestrating evidence collection, and tracking remediation through enterprise GRC tooling By translating emerging regulatory directives into actionable obligations and performance indicators, the incumbent fortifies operational resilience and mitigates reputational, financial, and regulatory exposure The position therefore underpins executive assurance, empowers informed risk-based decisions, and embeds a culture of continuous improvement across the cybersecurity estate.

• Monitor daily publications, circulars, and advisories from SAMA, NCA, and ISO committees, flagging new or changed requirements to the Manager of Compliance.
• Maintain the division’s obligation register in the Archer GRC platform, mapping each article to relevant internal controls and owners.
• Prepare concise impact-analysis briefs for weekly team huddles, outlining required updates to policies, procedures, or technical baselines.
• Create, edit, and version‑control policies, procedures, and work‑instructions in SharePoint, ensuring approval metadata and retention labels are correctly applied.
• Archive control evidence, exceptions, and management responses in Confluence so that artefacts are audit‑ready at all times.
• Populate compliance KPI dashboards with status metrics, overdue actions, and control‑effectiveness scores for management review.
• Coordinate timely evidence collection from control owners for scheduled internal, external, and regulatory audits, validating completeness against sampling criteria.
• Execute checklist‑based walkthroughs and first‑line control tests under close supervision, recording observations and remediation actions in the GRC tool.
• Track open audit findings, follow up with stakeholders on remediation progress, and update issue logs until formal closure is confirmed.
• Prepare slide decks, quick‑reference guides, and email bulletins that support compliance awareness sessions across the Cybersecurity Department.
• Document post‑audit lessons learned and recommend procedural refinements to reduce recurring non‑conformities.
• Respond to standard vendor due‑diligence questionnaires by gathering SOC reports, ISO certificates, and approved security statements from internal repositories.
• Perform other job duties as assigned.

• Bachelor's Degree in Risk Management, Business Administration, Finance or a related field

• Relevant professional certification (eg, CCO, GRCP, CRMP, GRCA, CRCM) is required

• A Bachelor's degree is required

(A1-A2: Basic, B1-B2: Intermediate, C1-C2: Fluent)

• English (C1), Arabic (C2)

• Ethics & Integrity (Beginner)
• Effective Communication (Beginner)
• Collaboration & Horizontality (Beginner)
• Personal Competence (Beginner)
• Analysis and Problem Solving (Beginner)
• Compliance Management (Beginner)
• Compliance Monitoring (Beginner)
• Regulatory Reporting (Beginner)
• Awareness and Training (Beginner)
• Ethics and Integrity Framework (Beginner)