GRC Manager

byteSpark.ai

About the job

A client of byteSpark.ai based in Dubai is seeking a seasoned and strategic GRC Manager to spearhead its risk management function. In this pivotal role, the selected candidate will leverage 12+ years of hands-on experience and an engineering background to build and mature a robust, risk-centric GRC program. The role requires designing, implementing, and continuously improving a comprehensive risk management framework tailored to the technological and operational realities of the FinTech landscape. This leadership position demands close collaboration with engineering and product teams to embed security-by-design principles throughout the development lifecycle. The GRC Manager will define the enterprise risk appetite, develop and monitor key risk indicators, and deliver clear, actionable insights to executive leadership and the Board. The successful candidate will also lead quantitative risk analysis and oversee responses to significant incidents, ensuring the resilience and integrity of the platform. This opportunity is ideal for a technical leader passionate about establishing a proactive, data-driven risk culture.


Bachelor's degree or higher in Engineering, Computer Science, or a related technical field.

A minimum of 12 years of progressive, hands-on experience in technology risk management, cybersecurity, or GRC.

Demonstrated experience in designing, implementing, and managing risk management frameworks (e.g., COSO, ISO 31000, NIST RMF).

Proven experience within the Fintech, banking, or financial services industry, with a deep understanding of its specific risk profile.

Strong background in collaborating with engineering and product teams to integrate risk controls into the SDLC (Software Development Lifecycle).

Expertise in quantitative risk analysis methodologies and modeling (e.g., FAIR, Monte Carlo simulations).

Experience leading incident response and crisis management for significant technology or security events.

Proven ability to define risk appetite and present complex risk topics to executive leadership and board-level stakeholders.


Professional certifications such as CRISC, CISM, CISSP, or CGEIT.

Experience with GRC automation platforms (e.g., ServiceNow GRC, Archer, LogicGate).

In-depth knowledge of cloud security principles and risk management for IaaS/PaaS/SaaS environments (AWS, Azure, GCP).

Familiarity with key regulations and standards impacting Fintech, such as PCI-DSS, GDPR, and SOX.

Hands-on experience with security architecture and secure coding practices.