Governance, Risk, and Compliance (GRC)

Job Description:

We are seeking a highly skilled and experienced GRC (Governance, Risk, and Compliance) Expert to join our team. The ideal candidate will be responsible for ensuring compliance with legal standards, identifying and mitigating risks, and overseeing data privacy practices. The GRC Expert will play a crucial role in developing and implementing governance frameworks, promoting ethical behavior, and monitoring regulatory changes. This role requires a deep understanding of industry best practices, including ISO 27001, SOC 2, PCI, SOX, and specific frameworks such as the Qatar Cyber Security framework and the National Information Assurance (NIA) framework.

Key Responsibilities:

· Develop, implement, and maintain governance, risk, and compliance programs in line with industry best practices and regulatory requirements.

· Conduct risk assessments to evaluate the effectiveness of GRC programs and identify potential risks.

· Ensure compliance with the Qatar Cyber Security framework and the National Information Assurance (NIA) framework.

· Collaborate with process owners, auditors, and stakeholders to analyze, monitor, and address risk management and compliance issues.

· Administer ISO 27001 and SOC 2 compliance programs, assisting with assessments and ensuring adherence to standards.

· Oversee data privacy practices and ensure the protection of information assets from cyber threats.

· Conduct regular audits and assessments to identify gaps and enhance governance, risk management, and compliance processes.

· Provide legal guidance and support compliance initiatives within the organization.

· Promote ethical behavior and foster a culture of integrity within the organization.

· Monitor regulatory changes and ensure the organization remains compliant with all relevant laws and regulations.

· Develop and deliver training programs to enhance awareness of GRC practices and policies.

Qualifications:

· Bachelor's degree in Information Security, Risk Management, or a related field.

· Professional certifications such as CISSP, CISM, CRISC, or equivalent.

· Extensive experience in governance, risk, and compliance roles, preferably within the information security domain.

· In-depth knowledge of industry standards and frameworks, including ISO 27001, SOC 2, PCI, SOX, Qatar Cyber Security framework, and NIA framework.

· Strong analytical and problem-solving skills with the ability to identify and mitigate risks effectively.

· Excellent communication and interpersonal skills, with the ability to collaborate with stakeholders at all levels.

· Proven track record of successfully implementing and managing GRC programs.

Ability to work independently and as part of a team in a fast-paced environment.

Job Type: Full-time

Pay: QAR13,000.00 - QAR15,000.00 per month

Education:

• Bachelor's (Required)

Experience:

• Administer ISO 27001 and SOC 2 compliance programs: 3 years (Required)
• Governance, Risk, and Compliance (GRC): 3 years (Required)

Language:

• Arabic (Required)
• English (Required)

License/Certification:

• degree in Information Security or Risk Management (Required)
• CISSP (Required)
• CISM (Required)
• CRISC (Required)