.png?1732004734){kind=logo}
Back to jobs
BCM & IT Risk Manager
Riyadh, Riyadh, Saudi Arabia
Who Are We
HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA aims at empowering SMEs to start, run, and grow their businesses by providing them with cutting-edge financial and technological tools.
HALA currently holds multiple entities in UAE, Saudi Arabia and Egypt (including HALA Payments, HALA Cashier and HALA Logistics) and offers solutions that enable merchants to digitize their payments as well as manage their sales and operations.
Founded in 2017, HALA is currently duly licensed by the Saudi Arabian Central Bank as well as the Financials Services Regulatory Authority (FSRA) in Abu Dhabi Global Market.
Position Overview:
A seasoned professional to maintain and enhance a Business Continuity Management (BCM) and IT Risk Management program in alignment with the SAMA BCM Framework and SAMA Cybersecurity Framework. The role ensures organizational resilience, regulatory compliance, and operational stability across critical fintech services.
Key Responsibilities
Governance & Regulatory Alignment:
• Develop and maintain the BCM Policy and Framework in compliance with the SAMA BCM Framework and related circulars.
• Ensure clear BCM governance structure, roles, and responsibilities across the organization.
• Report regularly to senior management, the Board Risk Committee, and SAMA on BCM and IT risk posture.
• Oversee regulatory inspections, audits, and provide evidence of BCM program maturity.
• Develop and maintain the BCM Policy and Framework in compliance with the SAMA BCM Framework and related circulars.
• Ensure clear BCM governance structure, roles, and responsibilities across the organization.
• Report regularly to senior management, the Board Risk Committee, and SAMA on BCM and IT risk posture.
• Oversee regulatory inspections, audits, and provide evidence of BCM program maturity.
Business Continuity Management (SAMA-Aligned)
• Conduct BCM-Risk Assessment (RA) to identifies critical threats to business processes and services.
• Conduct Business Impact Analysis (BIA) to identify critical functions, Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), and Recovery Point Objective (RPO).
• Develop and maintain Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs) for critical business services.
• Ensure recovery strategies and alternate site arrangements are tested and documented.
• Lead regular BCM testing, including scenario-based crisis simulations and annual DR site tests as required by SAMA.
• Integrate BCM requirements into third-party vendor management and ensure outsourcing risks are assessed.
• Ensure BCM awareness training for employees and continuous improvement culture.
• Conduct Business Impact Analysis (BIA) to identify critical functions, Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), and Recovery Point Objective (RPO).
• Develop and maintain Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs) for critical business services.
• Ensure recovery strategies and alternate site arrangements are tested and documented.
• Lead regular BCM testing, including scenario-based crisis simulations and annual DR site tests as required by SAMA.
• Integrate BCM requirements into third-party vendor management and ensure outsourcing risks are assessed.
• Ensure BCM awareness training for employees and continuous improvement culture.
IT Risk & Cyber Resilience
• Develop and maintain an IT Risk Management Framework aligned with SAMA Cybersecurity Framework and ISO 27005.
• Identify, assess, and mitigate risks related to IT infrastructure, fintech platforms, digital payments, and cloud environments.
• Maintain IT risk registers, KRIs, and dashboards, reporting material risks to executive management and the Board.
• Support regulatory compliance for PCI-DSS, GDPR, ISO 27001, and NCA cybersecurity mandates.
• Evaluate third-party providers and cloud services for IT risk and resilience requirements.
• Ensure alignment between BCM, IT Disaster Recovery, and Cybersecurity incident response plans.
• Develop and maintain an IT Risk Management Framework aligned with SAMA Cybersecurity Framework and ISO 27005.
• Identify, assess, and mitigate risks related to IT infrastructure, fintech platforms, digital payments, and cloud environments.
• Maintain IT risk registers, KRIs, and dashboards, reporting material risks to executive management and the Board.
• Support regulatory compliance for PCI-DSS, GDPR, ISO 27001, and NCA cybersecurity mandates.
• Evaluate third-party providers and cloud services for IT risk and resilience requirements.
• Ensure alignment between BCM, IT Disaster Recovery, and Cybersecurity incident response plans.
Monitoring & Reporting
• Provide periodic updates to the BCM Steering Committee, Executive Management, and the Board.
• Prepare and submit BCM/IT risk reports as mandated by SAMA supervisory requirements.
• Track, escalate, and remediate weaknesses identified in drills, audits, or regulatory reviews.
• Provide periodic updates to the BCM Steering Committee, Executive Management, and the Board.
• Prepare and submit BCM/IT risk reports as mandated by SAMA supervisory requirements.
• Track, escalate, and remediate weaknesses identified in drills, audits, or regulatory reviews.
Qualifications
• Bachelor’s degree in risk management, Business Continuity, Information Security, or IT.
• Professional certifications (preferred):
• BCM: ISO 22301 Lead Implementer, CBCP, or MBCI.
• Risk & Security: CRISC, CISM, CISSP, ISO 27001 Lead Implementer.
• 7–10 years of experience in BCM, IT risk, or operational resilience, preferably in fintech, payments, or banking.
• Deep knowledge of SAMA BCM Framework, SAMA Cybersecurity Framework, and local regulatory requirements (CMA, NCA).
• Strong communication and leadership skills to engage regulators, senior executives, and crisis teams.
• Bachelor’s degree in risk management, Business Continuity, Information Security, or IT.
• Professional certifications (preferred):
• BCM: ISO 22301 Lead Implementer, CBCP, or MBCI.
• Risk & Security: CRISC, CISM, CISSP, ISO 27001 Lead Implementer.
• 7–10 years of experience in BCM, IT risk, or operational resilience, preferably in fintech, payments, or banking.
• Deep knowledge of SAMA BCM Framework, SAMA Cybersecurity Framework, and local regulatory requirements (CMA, NCA).
• Strong communication and leadership skills to engage regulators, senior executives, and crisis teams.
Key Competencies
• Regulatory expertise in SAMA BCM Framework and fintech resilience standards.
• Strong analytical, problem-solving, and governance skills.
• Ability to lead crisis management and incident response under pressure.
• Balance between business agility and regulatory compliance.
• Regulatory expertise in SAMA BCM Framework and fintech resilience standards.
• Strong analytical, problem-solving, and governance skills.
• Ability to lead crisis management and incident response under pressure.
• Balance between business agility and regulatory compliance.
What We Offer You
We believe you will love working at HALA!
We believe you will love working at HALA!
- We have an inclusive and diverse culture that encourages innovation and flexibility in remote, in-office, and hybrid work setups.
- We offer highly competitive compensation packages, including the potential for shares.
- We prioritize personal development and offer regular training and an annual learning stipend to tackle new challenges and grow your career in a hyper-growth environment.
- Join a talented team of over 30 nationalities working in 7 countries and gain valuable experience in an exciting industry.
- We offer autonomy, mentoring, and challenging goals that create incredible opportunities for both you and the company.
- You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best.
If you think you have what it takes to join a remarkable team #apply_now
Create a Job Alert
Interested in building your career at HALA? Get future opportunities sent straight to your email.
Apply for this job
*
indicates a required field