Cybersecurity Governance, Risk & Compliance (GRC) Specialist
ITHR Technologies Consulting LLC
Date: 2 weeks ago
City: Dubai
Contract type: Full time
Job Description: Cybersecurity Governance, Risk & Compliance (GRC) Specialist
Job Title
Cybersecurity GRC Specialist
Location
Dubai, UAE (Hybrid / Onsite)
Employment Type
Full-Time
About ProofOps
ProofOps is a cybersecurity services company focused on strengthening digital resilience through managed security operations, incident response, vulnerability management, penetration testing, threat intelligence, attack surface management, and cybersecurity consulting services. The company helps organizations establish robust security programs, manage cyber risk, and maintain compliance with industry standards and regulatory requirements.
Role Overview
We are seeking an experienced Cybersecurity Governance, Risk & Compliance (GRC) Specialist to lead and support cybersecurity governance initiatives, risk management programs, compliance assessments, and security framework implementation across client environments.
The ideal candidate will possess strong knowledge of cybersecurity standards, regulatory requirements, risk assessment methodologies, and information security governance practices. This role will work closely with clients, technical teams, and business stakeholders to ensure cybersecurity risks are effectively managed and compliance obligations are met.
Key Responsibilities
Governance & Security Frameworks
Develop, implement, and maintain cybersecurity governance programs.
Establish and manage Information Security Management Systems (ISMS).
Support implementation and maturity assessments for frameworks such as:
ISO 27001
NIST Cybersecurity Framework (CSF)
NIST 800-53
CIS Controls
PCI DSS
GDPR
UAE Information Assurance Standards
NIS2 And Other Regional Regulatory Requirements Where Applicable.
Develop cybersecurity policies, procedures, standards, and guidelines.
Risk Management
Conduct enterprise cybersecurity risk assessments.
Perform risk identification, analysis, treatment, and reporting.
Maintain organizational risk registers and risk treatment plans.
Facilitate business impact assessments and control effectiveness reviews.
Present risk findings and recommendations to management and clients.
Compliance & Audit Management
Conduct compliance gap assessments and readiness reviews.
Support internal and external audits.
Coordinate evidence collection and remediation activities.
Track compliance obligations and regulatory requirements.
Develop compliance dashboards and executive reports.
Third-Party & Vendor Risk Management
Perform vendor security assessments.
Review supplier compliance and security controls.
Manage third-party risk remediation activities.
Support procurement and due diligence security reviews.
Security Awareness & Advisory
Deliver cybersecurity awareness and governance workshops.
Provide strategic cybersecurity guidance to clients and stakeholders.
Assist organizations in developing security roadmaps and compliance strategies.
Support virtual CISO (vCISO) engagements when required.
Reporting & Metrics
Prepare executive-level risk and compliance reports.
Develop and track cybersecurity KPIs and KRIs.
Monitor compliance status across multiple frameworks and client environments.
Required Qualifications
Education
Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
Experience
4–8 years of experience in Cybersecurity Governance, Risk & Compliance.
Experience conducting risk assessments and compliance audits.
Hands-on experience implementing security governance frameworks.
Experience working within consulting, MSSP, SOC, or cybersecurity service environments is preferred.
Technical Knowledge
Information Security Governance
Enterprise Risk Management
Cybersecurity Risk Assessments
Compliance Auditing
Security Policy Development
Third-Party Risk Management
Business Continuity & Disaster Recovery
Security Awareness Programs
Vulnerability and Risk Reporting
Frameworks & Standards
Strong working knowledge of:
ISO 27001 / ISO 27002
NIST CSF
NIST 800-53
CIS Controls
PCI DSS
GDPR
SOC 2
UAE Cybersecurity Regulations
Cloud Security Governance (AWS, Azure, GCP)
Preferred Certifications
One or more of the following certifications are highly desirable:
CISSP
CISM
CRISC
ISO 27001 Lead Implementer
ISO 27001 Lead Auditor
CISA
PCI DSS ISA/QSA (preferred)
CCSK or CCSP
Key Competencies
Excellent analytical and problem-solving skills
Strong stakeholder management abilities
Executive-level communication and presentation skills
Risk-based decision-making mindset
Strong documentation and reporting capabilities
Ability to manage multiple client engagements simultaneously
High attention to detail and compliance requirements
Job Title
Cybersecurity GRC Specialist
Location
Dubai, UAE (Hybrid / Onsite)
Employment Type
Full-Time
About ProofOps
ProofOps is a cybersecurity services company focused on strengthening digital resilience through managed security operations, incident response, vulnerability management, penetration testing, threat intelligence, attack surface management, and cybersecurity consulting services. The company helps organizations establish robust security programs, manage cyber risk, and maintain compliance with industry standards and regulatory requirements.
Role Overview
We are seeking an experienced Cybersecurity Governance, Risk & Compliance (GRC) Specialist to lead and support cybersecurity governance initiatives, risk management programs, compliance assessments, and security framework implementation across client environments.
The ideal candidate will possess strong knowledge of cybersecurity standards, regulatory requirements, risk assessment methodologies, and information security governance practices. This role will work closely with clients, technical teams, and business stakeholders to ensure cybersecurity risks are effectively managed and compliance obligations are met.
Key Responsibilities
Governance & Security Frameworks
Develop, implement, and maintain cybersecurity governance programs.
Establish and manage Information Security Management Systems (ISMS).
Support implementation and maturity assessments for frameworks such as:
ISO 27001
NIST Cybersecurity Framework (CSF)
NIST 800-53
CIS Controls
PCI DSS
GDPR
UAE Information Assurance Standards
NIS2 And Other Regional Regulatory Requirements Where Applicable.
Develop cybersecurity policies, procedures, standards, and guidelines.
Risk Management
Conduct enterprise cybersecurity risk assessments.
Perform risk identification, analysis, treatment, and reporting.
Maintain organizational risk registers and risk treatment plans.
Facilitate business impact assessments and control effectiveness reviews.
Present risk findings and recommendations to management and clients.
Compliance & Audit Management
Conduct compliance gap assessments and readiness reviews.
Support internal and external audits.
Coordinate evidence collection and remediation activities.
Track compliance obligations and regulatory requirements.
Develop compliance dashboards and executive reports.
Third-Party & Vendor Risk Management
Perform vendor security assessments.
Review supplier compliance and security controls.
Manage third-party risk remediation activities.
Support procurement and due diligence security reviews.
Security Awareness & Advisory
Deliver cybersecurity awareness and governance workshops.
Provide strategic cybersecurity guidance to clients and stakeholders.
Assist organizations in developing security roadmaps and compliance strategies.
Support virtual CISO (vCISO) engagements when required.
Reporting & Metrics
Prepare executive-level risk and compliance reports.
Develop and track cybersecurity KPIs and KRIs.
Monitor compliance status across multiple frameworks and client environments.
Required Qualifications
Education
Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
Experience
4–8 years of experience in Cybersecurity Governance, Risk & Compliance.
Experience conducting risk assessments and compliance audits.
Hands-on experience implementing security governance frameworks.
Experience working within consulting, MSSP, SOC, or cybersecurity service environments is preferred.
Technical Knowledge
Information Security Governance
Enterprise Risk Management
Cybersecurity Risk Assessments
Compliance Auditing
Security Policy Development
Third-Party Risk Management
Business Continuity & Disaster Recovery
Security Awareness Programs
Vulnerability and Risk Reporting
Frameworks & Standards
Strong working knowledge of:
ISO 27001 / ISO 27002
NIST CSF
NIST 800-53
CIS Controls
PCI DSS
GDPR
SOC 2
UAE Cybersecurity Regulations
Cloud Security Governance (AWS, Azure, GCP)
Preferred Certifications
One or more of the following certifications are highly desirable:
CISSP
CISM
CRISC
ISO 27001 Lead Implementer
ISO 27001 Lead Auditor
CISA
PCI DSS ISA/QSA (preferred)
CCSK or CCSP
Key Competencies
Excellent analytical and problem-solving skills
Strong stakeholder management abilities
Executive-level communication and presentation skills
Risk-based decision-making mindset
Strong documentation and reporting capabilities
Ability to manage multiple client engagements simultaneously
High attention to detail and compliance requirements
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resumeSimilar jobs
Inventory Manager
Pattern,
Dubai
1 day ago
We need an Inventory Manager (Buyer/Planner) who will be responsible for managing demand forecasting, inventory & receipts for 7-12 brands. Brand management, and brand partnerships and communication are a key component of success. Other measures of success are weeks of supply/ coverage for your brands, inventory turn, accurate sales forecasting, and instock rates. These can be accomplished through consistent forecast...
Surveyor (Residential Valuations)
Savills Middle East,
Dubai
1 day ago
A Surveyor specialising in valuations for loan security and financial reporting. The Surveyor will work with a wide range of clients including local, international and private banks, private wealth customers, local and international companies, and Government Departments.
The ideal candidate will have a minimum of three years' experience in property valuations, including at least one year specialising in residential valuations....
Mid Market Account Manager - Dubai
Deliveroo,
Dubai
2 days ago
Why Deliveroo?When you first think about Deliveroo, you probably think of getting great food to your house in less than half an hour. Awesome right? But behind the scenes is the real story. This story is one of high growth, huge challenges and an enormous opportunity ahead of us.We want to be the definitive food company - the app you...