Seen Tarbi for Financial Technology is permitted by the Saudi Central Bank to test its innovative services under the Regulatory Sandbox environment.
Governance, Risk and Compliance (GRC)
In today’s dynamic regulatory and cyber threat landscape, Saudi organizations must ensure robust governance, risk management, and regulatory compliance. Our GRC services help businesses across financial, governmental, and private sectors in the Kingdom of Saudi Arabia align with SAMA’s frameworks, NCA’s cybersecurity controls, and global best practices.
Enterprise GRC Strategy & Framework Development
- Design and implementation of GRC frameworks based on ISO/IEC 27001:2022, COBIT, and NIST.
- Integration with Saudi-specific regulatory mandates, including SAMA’s Cybersecurity Framework and NCA Essential Cybersecurity Controls (ECC).
- Development of Governance Operating Models and Risk Taxonomies.
Regulatory Compliance Readiness & Audits
- SAMA Compliance (Cybersecurity, ETGRM, TRM, Open Banking)
- NCA ECC Implementation and Readiness
- Personal Data Protection Law (PDPL) compliance assessments and controls
- PCI DSS gap assessments and remediation strategies
- ISO/IEC 27001:2022 and ISO 27701 implementation
Risk Management Services
- Enterprise Risk Management (ERM) Frameworks
- Risk Assessment and Treatment Plans
- Threat Modeling and Risk Scenarios aligned with SBP and SAMA guidelines
- Third-Party Risk Management (TPRM) and Vendor Assessments
Internal Audit and Control Testing
- IT General Controls (ITGC) and application controls audit
- Continuous audit program design and implementation
- Internal audit co-sourcing/outsourcing with local and regional expertise
Policy and Procedure Development
- Development and localization of Information Security, Data Privacy, and IT Governance policies
- Tailored policies in alignment with SAMA, NCA, PDPL, and ISO standards
GRC Tool Selection & Implementation
- Evaluation and implementation of GRC platforms (RSA Archer, ServiceNow GRC, MetricStream, etc.)
- Integration with SIEM, SOC, and Risk Intelligence tools for unified reporting