Job Summary
The IT GRC Specialist is responsible for managing the organization's IT governance frameworks, ensuring regulatory and internal compliance, conducting risk assessments, and supporting the development of policies, standards, and controls. This role ensures that IT processes align with business objectives while maintaining security, compliance, and risk management best practices.
Key Responsibilities
1. Governance
- Develop, maintain, and enhance IT governance frameworks aligned with industry best practices (ISO 27001, NIST, COBIT, etc.)
- Support IT policy creation, review, updates, and enforcement.
- Monitor adherence to IT policies and standards across the organization.
- Support audits (internal, external, regulatory) and coordinate remediation activities.
2. Risk Management
- Conduct periodic IT risk assessments and document risk registers.
- Evaluate risks related to systems, vendors, projects, and infrastructure.
- Recommend mitigation strategies and control improvements.
- Track and report IT risk status and KPIs to management.
3. Compliance
- Ensure compliance with relevant regulations (e.g., GDPR, DPA, PCI-DSS, ISO 27001, SOX).
- Conduct compliance reviews and control testing.
- Assist in certification and audit readiness (ISO, NCA ECC, DIFC/ADGM regulations, depending on region).
- Maintain evidence repositories for audit and compliance reporting.
4. Third-Party Risk
- Perform vendor security risk assessments and due diligence.
- Review supplier contracts for security and compliance requirements.
- Maintain thirdparty risk matrix and reporting.
5. Security & Controls
- Evaluate technical and administrative controls for effectiveness.
- Support incident response, business continuity, and disaster recovery planning.
- Participate in security awareness training initiatives.
6. Reporting
- Produce regular dashboards on governance, risk, and compliance posture.
- Present findings, trends, and recommendations to management.
Required Skills & Qualifications
- Bachelor's degree in IT, Computer Science, Information Security, or related field.
- 3 years of experience in IT GRC, IT audit, or cybersecurity.
- Strong understanding of frameworks: ISO 27001, NIST CSF, COBIT, ITIL.
- Knowledge of regulatory compliance (depending on region: GDPR, UAE/NCA, PCI-DSS, SOX, HIPAA, etc.).
- Experience in risk assessments, audits, and documentation.
- Strong analytical, communication, and documentation skills.
- Ability to work crossfunctionally with IT, security, audit, and business teams.
