Senior Cyber GRC Analyst I

Careem is building the Everything App for the greater Middle East, making it easier than ever to move around, order food and groceries, manage payments, and more. Careem is led by a powerful purpose to simplify and improve the lives of people and build an awesome organisation that inspires. Since 2012, Careem has created earnings for over 2.5 million Captains, simplified the lives of over 70 million customers, and built a platform for the region's best talent to thrive and for entrepreneurs to scale their businesses. Careem operates in over 70 cities across 10 countries, from Morocco to Pakistan.

Careem is looking for a Senior Cyber GRC Analyst to join our GRC team. The ideal candidate will have hands-on experience implementing PCI DSS requirements and ISO 27001 standards, including leading or supporting end-to-end certification efforts. This role requires close collaboration with both business and technical teams across the global organization to execute the Information Security Governance, Risk & Compliance (GRC) strategy, extending and tailoring processes as needed to help identify, assess, and manage information security risks to an acceptable level.

What you'll do

• Support the influence and adoption of Information Security controls, standards, policies, procedures, and communications across the organization
• Work closely with the GRC Manager to advise global process owners on necessary Information Security controls for risk mitigation, in alignment with the InfoSec Risk & Controls framework and relevant regulatory and industry standards
• Be proficient in developing and delivering comprehensive Information Security assessments, metrics and reporting tailored for various leadership levels
• Contribute to the planning and coordination of Information Security awareness and training programs across Careem's global business units and subsidiaries
• Demonstrated hands-on experience in implementing and aligning with regulatory and industry standards, including the PCI DSS, ISO 27001 and NIST Cybersecurity Framework (CSF), with a proven track record of supporting or leading certification and audit readiness efforts
• Collaborates with Procurement, Data Privacy, and Legal teams to ensure that information security requirements and contractual protections are adequately addressed in all third-party vendor agreements, particularly where sensitive or regulated data is involved
• Maintains and contributes to the Information Security Risk Register, ensuring all risks are accurately identified, assessed, documented, and tracked with clear mitigation plans aligned to organizational risk appetite
• Advises and supports business units in identifying, understanding, and managing IT and Security risks, promoting a risk-aware culture and enabling informed decision-making across technical and non-technical stakeholders

Qualification

A degree in Computer Science, Computer Engineering or Electrical Engineering or obtained relevant security certifications

What you'll need

• 5-8 years of experience in Information Security Governance, Risk and Compliance
• 1-2 years of experience in managing security-related projects
• In-depth familiarity with security policies based on industry standards and best practices
• Experience working with AWS services
• Ability to lead and communicate efficiently within a team environment
• Advanced technical writing skills
• Strong attention to detail
• Problem-solving
• Time management

What we'll provide you

We offer colleagues the opportunity to drive impact in the region while they learn and grow. As a full time Careem colleague, you will be able to:

• Work and learn from great minds by joining a community of inspiring colleagues.
• Put your passion to work in a purposeful organisation dedicated to creating impact in a region with a lot of untapped potential.
• Explore new opportunities to learn and grow every day.
• Work 4 days a week in office & 1 day from home, and remotely from any country in the world for 30 days a year with unlimited vacation days per year. (If you are in an individual contributor role in tech, you will have 2 office days a week and 3 to work from home.)
• Access to healthcare benefits and fitness reimbursements for health activities including gym, health club, and training classes.

*

indicates a required field

First Name *

Last Name *

Email *

Phone *

Location (City) *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Current Employer *

Current Job Title *

LinkedIn Profile *

How did you learn about a role at Careem? (tick all that apply) *

I saw the job posting on Linkedin and decided to apply

I saw the job posting on Careem's Careers Page and decided to apply

I saw the job posting on Localized and decide to apply

A recruiter from Careem reached out to me and encouraged me to apply

A recruiter external to Careem reached out to me and encouraged me to apply

I had a conversation with a friend or acquaintance who works at Careem

I attended a University event or career fair and met a representative from Careem

I read about Careem in the news

Other

Have you seen Careem's content on social media? * Select...

If Yes, please specify the platform (tick all that apply) *

LinkedIn

Twitter

TikTok

Instagram

Other

What influenced your decision to apply for a role at Careem? (tick all that apply) *

Careem's purpose and values

The career growth and development opportunities offered at Careem

Financial compensation and colleague benefits

The job description aligns with my skills and qualifications

Working with top talent at the organisation

Community of inspiring colleagues

The opportunity to drive impact

Other

Have you previously worked at Careem? * Select...

To which gender identity do you most identify: Select...

Voluntary Self-Identification

Completion of this question is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter.

As outlined in Careem's Equal Employment Opportunity policy, we do not discriminate based on any protected group status under any applicable law.

The collection of demographic information is for internal purposes only i.e. equal employment opportunity monitoring as well as diversity initiatives.