Senior Cyber GRC Analyst I

Careem is building the Everything App for the greater Middle East, making it easier than ever to move around, order food and groceries, manage payments, and more. Careem is led by a powerful purpose to simplify and improve the lives of people and build an awesome organisation that inspires. Since 2012, Careem has created earnings for over 2.5 million Captains, simplified the lives of over 70 million customers, and built a platform for the region's best talent to thrive and for entrepreneurs to scale their businesses. Careem operates in over 70 cities across 10 countries, from Morocco to Pakistan.

Careem is looking for a Senior Cyber GRC Analyst to join our GRC team. The ideal candidate will have hands-on experience implementing PCI DSS requirements and ISO 27001 standards, including leading or supporting end-to-end certification efforts. This role requires close collaboration with both business and technical teams across the global organization to execute the Information Security Governance, Risk & Compliance (GRC) strategy, extending and tailoring processes as needed to help identify, assess, and manage information security risks to an acceptable level.

What you'll do

• Support the influence and adoption of Information Security controls, standards, policies, procedures, and communications across the organization
• Work closely with the GRC Manager to advise global process owners on necessary Information Security controls for risk mitigation, in alignment with the InfoSec Risk & Controls framework and relevant regulatory and industry standards
• Be proficient in developing and delivering comprehensive Information Security assessments, metrics and reporting tailored for various leadership levels
• Contribute to the planning and coordination of Information Security awareness and training programs across Careem's global business units and subsidiaries
• Demonstrated hands-on experience in implementing and aligning with regulatory and industry standards, including the PCI DSS, ISO 27001 and NIST Cybersecurity Framework (CSF), with a proven track record of supporting or leading certification and audit readiness efforts
• Collaborates with Procurement, Data Privacy, and Legal teams to ensure that information security requirements and contractual protections are adequately addressed in all third-party vendor agreements, particularly where sensitive or regulated data is involved
• Maintains and contributes to the Information Security Risk Register, ensuring all risks are accurately identified, assessed, documented, and tracked with clear mitigation plans aligned to organizational risk appetite
• Advises and supports business units in identifying, understanding, and managing IT and Security risks, promoting a risk-aware culture and enabling informed decision-making across technical and non-technical stakeholders

Qualification

A degree in Computer Science, Computer Engineering or Electrical Engineering or obtained relevant security certifications

What you'll need

• 5-8 years of experience in Information Security Governance, Risk and Compliance
• 1-2 years of experience in managing security-related projects
• In-depth familiarity with security policies based on industry standards and best practices
• Experience working with AWS services
• Ability to lead and communicate efficiently within a team environment
• Advanced technical writing skills
• Strong attention to detail
• Problem-solving
• Time management

What we'll provide you

We offer colleagues the opportunity to drive impact in the region while they learn and grow. As a full time Careem colleague, you will be able to:

• Work and learn from great minds by joining a community of inspiring colleagues.
• Put your passion to work in a purposeful organisation dedicated to creating impact in a region with a lot of untapped potential.
• Explore new opportunities to learn and grow every day.
• Work 4 days a week in office & 1 day from home, and remotely from any country in the world for 30 days a year with unlimited vacation days per year. (If you are in an individual contributor role in tech, you will have 2 office days a week and 3 to work from home.)
• Access to healthcare benefits and fitness reimbursements for health activities including gym, health club, and training classes.