The GRC (Governance, Risk, and Compliance) Specialist designs, implements, and maintains governance, risk, and compliance frameworks to ensure adherence to regulatory, legal, and internal policy requirements. Responsibilities include performing risk assessments, managing and supporting audits, and developing and updating policies, standards, and controls to enhance the organization’s security and risk posture. The role requires experience with DESC ISR v3, ISO 27001, ISO 27701, ISO 20000, ISO 31000, and UAE PDPL compliance programs.
Responsibilities:
- Identify, assess, and mitigate IT-related risks while maintaining a comprehensive risk register.
- Ensure compliance with standards such as DESC ISR v3, ISO 27001, ISO 27701, ISO 20000, ISO 31000, and UAE PDPL, and manage internal and external audits.
- Develop, implement, and update organization-wide policies, procedures, and controls.
- Monitor compliance levels, report on risk posture to stakeholders, and track changes in relevant regulations.
- Promote security awareness and compliance through organization-wide training initiatives.
Qualifications and job-specific skills:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
- Relevant certifications preferred (e.g., CISSP, CISA, CISM, CRISC, or equivalent).
- Proficiency with the NIST Cybersecurity Framework, DESC ISR v3, ISO 27001/27701, and regulatory requirements such as the UAE PDPL or equivalent regimes such as the GDPR.
- 8-10 years of experience in IT risk management, compliance, or information security.
- Excellent communication and relationship-building skills.
- Strong problem-solving and analytical abilities.