Job Title: Senior Manager – Risk & Compliance - IST GRC
Job Location: Dubai
Job Summary:
Senior Manager directs the strategic and tactical oversight of the organization's governance, risk, and compliance framework. The role is pivotal in developing and championing a comprehensive risk management program, ensuring a proactive and integrated approach to identifying, assessing, and mitigating operational and IT risks. The Senior Manager will oversee all regulatory compliance initiatives and assurance activities to safeguard organizational integrity, foster a culture of accountability, and uphold operational excellence.
Responsibilities:
- Develop and champion a multi-year IT risk and compliance roadmap that aligns with the organization's strategic goals and adapts to the evolving information security and privacy landscape.
- Prepare and present executive-level reports and dashboards on key risk indicators (KRIs), program performance (KPIs), and audit outcomes to the leadership team and board.
- Partner with leadership to define, document, and monitor the organization's risk appetite and tolerance levels by conducting risk assessments, including but not limited to change and product risk, enterprise technology risk management, and asset risk management.
- Oversee all internal and external audits, serving as the primary point of contact for auditors and ensuring all findings are addressed through robust remediation plans.
- Ensure the organization maintains continuous compliance with all relevant regulatory frameworks (e.g., ISO 27001, GDPR, HIPAA, ADHICS).
- Lead the vendor risk management program, providing oversight of all third-party assessments and ensuring contractual safeguards are in place.
- Serve as a key leader in the incident response process, providing strategic guidance during a major security event and ensuring timely communication and resolution.
- Manage the department's pertinent technology stack and resource allocation to ensure the team is equipped to meet its objectives.
- Mentor and guide the risk and compliance managers, fostering a culture of accountability, continuous learning, and professional growth.
- Drive initiatives to automate and streamline risk and compliance processes to improve efficiency and reduce manual effort.
- Act as an internal consultant, providing expert advice to business units and project teams on risk, security, privacy, and compliance-related matters.
- Oversee the design, implementation, and effectiveness testing of security controls to proactively mitigate identified risks.
- Build and maintain strong relationships with cross-functional teams, including IT, legal, finance, and business operations, to embed IST GRC principles across the organization.
Requirements:
- Bachelor's or Master's degree in Computer Information Systems, Information Security, or a related discipline.
- Professional certifications such as CISA, CISM, ISO 27001 Lead Auditor/Implementer, or CGEIT are highly desirable.
- 10+ years of experience in GRC, risk management, data privacy, compliance, or cybersecurity.
- 2+ years in a leadership role managing risk or compliance teams.
- Experience with Information Security Management Systems (ISMS).
- Strong understanding of GRC frameworks (e.g., COSO, NIST, COBIT, ITIL).
- Experience in developing and managing frameworks and assurance programs pertaining to compliance.
- Experience with regulatory compliance across industries, such as healthcare, financial services, or technology.
- Proficiency in GRC software tools and risk management platforms.
- Knowledge of data privacy regulations (GDPR, CCPA) and information security standards.