GRC Specialist

We are looking to hire a GRC Specialist to work in the information security division within the CTO office. The role is responsible for improving the security posture of the client and requires hands-on experience in developing and implementing the policies, standards, and guidelines that support the compliance initiative.

Responsibilities

  • He/She will work with the Head of Information Security to assist and implement an information security management system compliant with UAE IA, SAMA CSF, SOC2, and ISO 27001.
  • Conduct organization-wide information security awareness training.
  • Use experience with the NIST standards and special publications to maintain and update security policies, technical guidance, and Standard Operating Procedures (SOPs).
  • Perform periodic reviews to identify and inform recommendations for improving policies, processes, and procedures based on new and evolving global standards.
  • Ensure compliance with industry regulations and standards.
  • Conduct risk assessments and facilitate risk mitigation activities across various business functions.
  • Collaborate with internal teams to establish and maintain effective control measures.
  • Conduct risk analysis and maintain a risk register.
  • Work on the supplier risk management program and interact with the customer on the security questionnaire.
  • Execute periodic activities as required to achieve compliance with ISO 27001.
  • Assist and coordinate with various teams in annual external audits of ISO 27001.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field, with a minimum of 8 years of experience in information security-related work
  • Professional certifications such as CISSP, CISM, CISA, CRISC, and CGEIT
  • Knowledge and understanding of Information Security risk assessment frameworks such as SAMA, OCTAVE, COBIT, ISO 27005, and NIST 800-30.
  • Extensive experience in security governance, risk management, and compliance.
  • Solid understanding of regulatory requirements (e.g., ADGM Data Protection, KSA NDMO, Personal Data Protection) and industry standards (e.g., ISO 27001, SAMA CSF, UAE IA, KSA NCA ECC, SALSA, SOC2, and the NIST Cybersecurity Framework).
  • Excellent communication and interpersonal skills, including presentations and writing risk papers, with the ability to collaborate effectively with stakeholders at all levels.
  • Experience in financial services or regulated environments is preferred.
  • Previous experience in cloud security is an advantage.

To apply, please send your resume to careers@defentrix.com