GRC AnalystSpecialist

Job-Specific Skills

The Information Security Auditor / GRC Specialist ensures the organization's IT and security controls are effective, compliant, and aligned with industry standards. The role includes audit execution, risk assessment, compliance monitoring, and continuous improvement of control frameworks.

• Map control frameworks (ISO 27001, QCSF, NIA) to business processes.
• Design and test controls for effectiveness using walkthroughs, sampling, and test scripts.
• Execute full audit lifecycle: readiness assessment, field coordination, and closure with auditors.
• Manage and maintain audit evidence with full traceability, versioning, and chain of custody.
• Perform risk assessments and treatments including risk registers, scoring models, and mitigation/acceptance plans.
• Develop and periodically review policies, standards, and procedures to ensure auditability.
• Manage third‑party/vendor risks and ensure compliance with contractual security requirements.
• Ensure cloud security compliance across AWS, Azure, GCP (IAM logging baseline configurations).
• Align with regulatory requirements including Qatar Privacy Law, Qatar Cybercrime Law, GDPR/CCPA, PCI DSS, and assess applicability.
• Develop metrics and reporting dashboards including KPIs, KRIs, and executive summaries.
• Track issues and remediation actions to closure.
• Demonstrate proficiency with GRC platforms and tools for auditing, risk, and compliance management.

• Bachelors degree in Computer Science, Information Security, IT or equivalent hands‑on experience.
• Relevant certifications:
  CompTIA Security+, ISO 27001 Internal Auditor/Lead Implementer, CCSK, CISA, CISM, CISSP.
• Strong written and verbal communication skills.

• 4 years of experience leading end‑to‑end audit cycles, managing mature control sets, and coaching team members.

Please submit CVs on or before 02nd December 2025.