GRC (Governance, Risk & Compliance) Expert

Job type: Full-time
Experience: 0-1 years
Salary: not
Location: Egypt

Responsibilities:


1. Governance & Compliance Expert

  • Design, implement, and manage GRC frameworks (e.g., ISO 27001, PCI-DSS, FRA Regulation, SOC 2) tailored to client needs.
  • Develop and maintain security policies, standards, and procedures aligned with regulatory requirements (ISO27001, PCI-DSS, etc.).
  • Lead compliance audits (internal/external) and certification processes (e.g., ISO 27001, PCI-DSS).
  • Conduct gap analyses and maturity assessments to identify areas for improvement.

2. Risk Management & Assessment

  • Perform enterprise-wide risk assessments to identify threats, vulnerabilities, and business impacts.
  • Create risk treatment plans, mitigation strategies, and risk registers for clients.
  • Advise on third-party/vendor risk management, including due diligence and contract reviews.

3. Client Advisory & Collaboration

  • Act as a trusted advisor to clients, translating technical risks into business terms for executives and stakeholders.
  • Deliver executive-level reports, dashboards, and workshops on GRC initiatives.
  • Support pre-sales activities (scoping, proposals) and post-sales service delivery to ensure client success.

4. Audit & Documentation

  • Prepare and maintain audit documentation (e.g., ISO evidence, PCI Compliance Report).
  • Manage remediation efforts for audit findings and compliance gaps.
  • Stay updated on evolving regulations and industry standards.

6. Strategic Initiatives

  • Lead security awareness programs for clients, including training and phishing simulations.
  • Mentor junior team members and contribute to internal knowledge sharing.



Requirements:

  • 3+ years in GRC, IT risk management, or cybersecurity compliance.
  • Expertise in 2+ frameworks/regulations (e.g., ISO 2700, PCI-DSS, CIS Controls).
  • Certifications: relevant GRC certification like ISO27001 LI/LA, GRCP, CISSP.
  • Strong client-facing skills with the ability to simplify complex technical concepts.