Job Description: Governance, Risk, and Compliance (GRC) Specialist
Company: Paratus Cyber Risk Management Services LLC
We are looking for a motivated and detail-oriented Governance, Risk, and Compliance (GRC) Specialist to join Paratus Cyber Risk Management Services LLC. This role is integral to our mission of delivering cutting-edge risk management and compliance solutions to our clients. The ideal candidate will have 3–5 years of GRC experience, particularly in policy development, risk assessments, compliance management, and leveraging GRC tools.
As part of our team, you will work closely with cross-functional teams to ensure compliance with global and regional regulations, frameworks, and standards, including ISO 27001, GDPR, PDPL, SAMA Cybersecurity Framework, and NCA-ECC guidelines.
Key Responsibilities:
Policy Development and Documentation
- Develop, review, and maintain comprehensive technical policies, procedures, and guidelines aligned with ISO 27001, GDPR, PDPL, SAMA Cybersecurity Framework, NCA-ECC, and other relevant regulations.
- Collaborate with technical and business teams to integrate operational details into policy frameworks.
- Tailor policies to address specific organizational risks, client requirements, and industry best practices.
Risk Management
- Identify and evaluate risks related to information security, privacy, and regulatory compliance.
- Develop and implement risk treatment plans, including mitigation strategies.
- Maintain and update a risk register, ensuring transparency and regular reporting to senior management.
- Apply risk management frameworks, such as COSO, COBIT, NIST, and SAMA Cybersecurity Framework, to assess and address organizational risks.
Compliance Management
- Ensure compliance with global standards such as GDPR, ISO 27001, SOC2, and regional regulations including PDPL, SAMA Cybersecurity Framework, and NCA-ECC guidelines.
- Facilitate internal and external audits to demonstrate adherence to regulatory and policy requirements.
- Monitor and close compliance gaps through coordination with internal teams and external stakeholders.
Training and Awareness
- Develop and deliver training programs on policies, compliance requirements, and best practices.
- Conduct awareness campaigns focused on governance, risk, and compliance for employees and stakeholders.
- Update training materials to reflect evolving regulatory and organizational needs.
Monitoring and Reporting
- Monitor and evaluate the effectiveness of governance, risk, and compliance programs.
- Prepare detailed reports on GRC metrics, risk status, and compliance progress for senior leadership and stakeholders.
GRC Tools and Technology
- Utilize and manage GRC tools and platforms to streamline GRC processes.
- Develop dashboards and automated workflows to track compliance and risk management efforts.
- Ensure integration of GRC tools with other organizational systems to enable efficient reporting and monitoring.
Cross-functional Collaboration
- Collaborate with IT, legal, operations, and external consultants to ensure integrated compliance and risk management.
- Act as a liaison between technical and non-technical teams to ensure seamless implementation of GRC initiatives.
Requirements:
Qualifications
- Bachelor’s degree in Information Security, Business Administration, Legal Studies, or a related field.
- 3–5 years of GRC experience with a proven track record in policy drafting, risk management, and compliance.
- Deep knowledge of regulatory frameworks such as GDPR, ISO 27001, PCI-DSS, SAMA Cybersecurity Framework, NCA-ECC, and PDPL.
- Familiarity with global risk management frameworks, including COSO, COBIT, and NIST.
- Experience with GRC tools and platforms is highly desirable.
Key Skills and Attributes
- Exceptional written and verbal communication skills, with an ability to create clear, concise policies and documentation.
- Strong analytical and problem-solving skills to assess risks and propose mitigation strategies.
- Ability to handle multiple priorities in a fast-paced environment.
- High attention to detail and a commitment to upholding organizational integrity.
- Capability to work independently and collaboratively with diverse teams.
Preferred Certifications (Desirable but Not Mandatory)
- Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Lead Implementer/Auditor
- Certified in Governance of Enterprise IT (CGEIT)
- Data Protection Officer (DPO) Certification
- Regional certifications related to SAMA Cybersecurity Framework or PDPL compliance.
Why Join Us?
At Paratus Cyber Risk Management Services LLC, you will have the opportunity to work on cutting-edge compliance and risk management projects, collaborate with a dynamic team, and play a pivotal role in shaping the GRC landscape for our clients. We are committed to fostering a culture of excellence and continuous learning.
If you meet the qualifications and are passionate about governance, risk, and compliance, we encourage you to apply!