
Cybersecurity Governance, Risk & Compliance; GRC Specialist

Job in Dubai, Dubai, UAE/Dubai
Listing for: Client of ITHR 360° CONSULTING FZE
Full Time position
Listed on 2026-06-19
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 120000 - 200000 AED Yearly
Job Description & How to Apply Below
Position: Cybersecurity Governance, Risk & Compliance (GRC) Specialist

Job Title

Cybersecurity Governance Risk & Compliance (GRC) Specialist

Location

Dubai, UAE (Hybrid / Onsite)

Employment Type

Full‑Time

Role Overview

We are seeking an experienced Cybersecurity Governance, Risk & Compliance (GRC) Specialist to lead and support cybersecurity governance initiatives, risk management programs, compliance assessments, and security framework implementation across client environments. The ideal candidate will possess strong knowledge of cybersecurity standards, regulatory requirements, risk assessment methodologies and information security governance practices. This role will work closely with clients, technical teams and business stakeholders to ensure cybersecurity risks are effectively managed and compliance obligations are met.

Key Responsibilities
  • Governance & Security Frameworks – Develop, implement and maintain cybersecurity governance programs; establish and manage Information Security Management Systems (ISMS); support implementation and maturity assessments for frameworks such as ISO 27001, NIST Cybersecurity Framework (CSF), NIST 800‑53, CIS Controls, PCI DSS, GDPR, UAE Information Assurance Standards, NIS2 and other regional regulatory requirements where applicable; develop cybersecurity policies, procedures, standards and guidelines.
  • Risk Management – Conduct enterprise cybersecurity risk assessments; perform risk identification, analysis, treatment and reporting; maintain organizational risk registers and risk treatment plans; facilitate business impact assessments and control effectiveness reviews; present risk findings and recommendations to management and clients.
  • Compliance & Audit Management – Conduct compliance gap assessments and readiness reviews; support internal and external audits; coordinate evidence collection and remediation activities; track compliance obligations and regulatory requirements; develop compliance dashboards and executive reports.
  • Third‑Party & Vendor Risk Management – Perform vendor security assessments; review supplier compliance and security controls; manage third‑party risk remediation activities; support procurement and due diligence security reviews.
  • Security Awareness & Advisory – Deliver cybersecurity awareness and governance workshops; provide strategic cybersecurity guidance to clients and stakeholders; assist organizations in developing security roadmaps and compliance strategies; support virtual CISO (vCISO) engagements when required.
  • Reporting & Metrics – Prepare executive‑level risk and compliance reports; develop and track cybersecurity KPIs and KRIs; monitor compliance status across multiple frameworks and client environments.
Education

Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.

Experience

4–8 years of experience in Cybersecurity Governance, Risk & Compliance; conducting risk assessments and compliance audits; hands‑on experience implementing security governance frameworks; preference for experience within consulting, MSSP, SOC or cybersecurity service environments.

Technical Knowledge
  • Information Security Governance
  • Enterprise Risk Management
  • Cybersecurity Risk Assessments
  • Compliance Auditing
  • Security Policy Development
  • Third‑Party Risk Management
  • Business Continuity & Disaster Recovery
  • Security Awareness Programs
  • Vulnerability and Risk Reporting
  • Frameworks & Standards: ISO 27001/ISO 27002, NIST CSF, NIST 800‑53, CIS Controls, PCI DSS, GDPR, SOC 2, UAE Cybersecurity Regulations, Cloud Security Governance (AWS, Azure, GCP)
Preferred Certifications
  • CISSP
  • CISM
  • CRISC
  • ISO 27001 Lead Implementer / Lead Auditor
  • CISA
  • PCI DSS ISA/QSA (preferred)
  • CCSK or CCSP
Key Competencies
  • Excellent analytical and problem‑solving skills
  • Strong stakeholder management abilities
  • Executive‑level communication and presentation skills
  • Risk‑based decision‑making mindset
  • Strong documentation and reporting capabilities
  • Ability to manage multiple client engagements simultaneously
  • High attention to detail and compliance requirements