GRC Senior Analyst/Specialist
Listed on 2026-07-02
IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
GRC Senior Analyst / Specialist
A GRC Senior Analyst / Specialist supports the governance, risk, and compliance framework to ensure alignment with national cyber regulations, security policies and government assurance standards.
The role focuses on identifying, assessing and managing cyber and information security risks across systems and operations, while ensuring compliance with applicable regulatory frameworks, security controls and audit requirements. It involves maintaining risk registers, supporting security assessments and tracking remediation of vulnerabilities and control gaps.
The position also works closely with security, IT, and government stakeholders to strengthen cybersecurity governance, support accreditation processes and ensure continuous compliance with national cybersecurity mandates.
Core Activities
- Provide expert consultation on Governance, Risk, and Compliance (GRC) matters.
- Review, assess, and enhance enterprise cybersecurity architecture.
- Conduct reviews of QCSF evidence and provide compliance recommendations.
- Deliver cybersecurity consultancy and practical security solutions to internal stakeholders.
- Identify cybersecurity risks and recommend mitigation strategies.
- Support the implementation of cybersecurity policies, standards, and best practices.
- Collaborate with business and technical teams to improve cybersecurity posture.
- Prepare reports, assessments, and recommendations for management.
- Stay updated with emerging cybersecurity threats, technologies, and regulatory requirements.
- Act as a subject matter expert for cybersecurity governance, risk, and compliance.
- Review and improve enterprise cybersecurity architecture to ensure alignment with business and security objectives.
- Evaluate compliance against the Qatar Cyber Security Framework (QCSF) and recommend corrective actions.
- Provide strategic cybersecurity guidance to stakeholders across the organisation.
- Develop and recommend cybersecurity controls and solutions based on risk assessments.
- Support cybersecurity audits, assessments, and compliance activities.
- Ensure cybersecurity initiatives align with organisational policies and industry standards.
- Produce high-quality documentation, reports, and technical recommendations.
- Mentor stakeholders on cybersecurity best practices where required.
- Education: Bachelor's or Master's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related discipline.
- Experience: Minimum of 10 years' experience in cybersecurity, with strong expertise in Governance, Risk & Compliance (GRC), enterprise cybersecurity architecture and regulatory compliance.
- Mandatory Certifications: CIIP (Certified Information Infrastructure Professional), CISM (Certified Information Security Manager).
- Preferred Certifications: GICSP (Global Industrial Cyber Security Professional), CCISO (Certified Chief Information Security Officer).
- Skills & Competencies:
  - Strong knowledge of Governance, Risk & Compliance (GRC) frameworks.
  - Extensive experience with Enterprise Cybersecurity Architecture.
  - Thorough understanding of the Qatar Cyber Security Framework (QCSF).
  - Strong cybersecurity consulting and advisory skills.
  - Excellent analytical and problem-solving abilities.
  - Ability to assess risks and recommend effective security solutions.
  - Excellent communication, stakeholder management, and report-writing skills.
  - Ability to work independently and collaboratively within multidisciplinary teams.
  - Strong understanding of international cybersecurity standards and best practices.
- Language Proficiency: Proficiency in English & Arabic is required.