GRC Expert(RARR Job 5013)

We are seeking a highly skilled and experienced GRC (Governance, Risk, and Compliance) Expert to join our team. The ideal candidate will be responsible for designing, implementing, and managing GRC programs, ensuring compliance with international standards and regulatory requirements. The role will focus on risk assessment, third-party risk management, regulatory compliance, data privacy, and building a strong governance framework.

Key Responsibilities:

• Develop, implement, and maintain Governance, Risk, and Compliance (GRC) frameworks aligned with industry standards and regulatory guidelines.

• Conduct Third Party Risk Assessments (TPRM) to ensure security, privacy, and compliance risks are addressed for external vendors and partners.

• Manage ISO 27001 certification programs, perform internal audits, risk assessments, and support external audit processes.

• Implement and maintain controls aligned with NIST Cybersecurity Framework and other regulatory requirements.

• Ensure compliance with global and regional regulatory frameworks like Qatar Cyber Security Framework, NIA Framework, SOC 2, PCI DSS, and SOX.

• Conduct risk analysis to identify gaps and recommend appropriate controls and mitigation strategies.

• Monitor regulatory updates, assess their impact, and update internal processes accordingly.

• Collaborate with internal stakeholders (IT, Legal, Procurement, and Business Units) to drive GRC initiatives.

• Develop and deliver security awareness and GRC training across the organization.

• Administer data privacy and information security compliance programs ensuring confidentiality, integrity, and availability of data.

• Support compliance audits, evidence collection, and reporting for customers and regulators.

• Maintain and update GRC policies, procedures, and standards.