GRC Analyst; Governance, Risk & Compliance

Responsibilities

• Manage and maintain compliance programs across ISO 27001, SOC 2, NESA and GDPR frameworks.
• Conduct enterprise risk assessments and maintain the risk register, tracking risk treatment plans to completion.
• Coordinate internal and external audit activities, manage evidence collection and ensure timely remediation of findings.
• Develop, review and update information security policies, standards and procedures aligned with business objectives.
• Perform third‑party vendor risk assessments and manage the vendor security review lifecycle.
• Prepare compliance reports and risk dashboards for executive leadership and board‑level stakeholders.

• 4+ years of experience in GRC, IT audit, or information security compliance roles.
• Strong working knowledge of ISO 27001, ISO 27002, SOC 2, NIST CSF and regional frameworks (NESA IAS).
• Experience managing audit cycles end‑to‑end including scoping, evidence collection and remediation tracking.
• Understanding of risk management methodologies (FAIR, NIST RMF, ISO 31000).
• Familiarity with GRC platforms such as Service Now GRC, One Trust or Archer.
• Excellent written and verbal communication skills with the ability to translate technical risks for business audiences.

• CISA, CRISC or ISO 27001 Lead Auditor certification.
• Experience with UAE NESA and DIFC data protection regulations.
• Knowledge of PCI DSS compliance requirements.

• ISO 27001, SOC 2, Risk Assessment, Audit Management, NIST CSF, Vendor Risk Management, Policy Development.