· The GRC consultant is responsible for the design, maintenance and implementation of the IT General Controls (ITGC) framework and monitoring operations, and for the design and implementation of security-model best practices and associated operations across multivendor applications and the organization.
· Responsibilities also include the review and approval of Security deliverables to ensure compliance and adherence to standards and to meet technical objectives.
· The Security and Compliance consultant will build a team to manage the security of and access to enterprise applications, including multivendor platforms.
· The selected candidate will define and monitor SLAs, and be responsible for managing ongoing security operations, administering security roles and authorization profiles for applications, resource planning, scheduling and prioritization.
· Hands-on technology execution experience is required along with a solid grasp of Security architecture, strategy, and cloud technologies.
· The GRC consultant ensures adherence to policies and procedures regarding audits, system access, periodic access reviews, user maintenance and segregation of duties within the environment.
· This role requires experience in implementing and operationalizing a GRC (governance, risk and compliance) toolset to automate these processes.
· The ideal candidate will have experience with both transformational project implementations and ongoing operations. The ability to collaborate and coordinate with multiple IT and business leaders, and IT vendors is critical.
· Lead the design and development of security and compliance standards, processes, policies and tools (e.g. GRC).
· Review and approve security system architecture and designs. Ensure convergence of business, technical and security requirements. Ensure adequate access and process controls.
· Lead and coordinate the technical and operational aspects of security, threat and incident management, coordinating with IT and business leads. Develop and recommend plans to mitigate and eliminate risks.
· Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications.
· Developing governance frameworks and cyber risk strategies.
· Outlining compliance implementation, audit, control and reporting methodologies.
· Identifying cyber risks and developing cyber risk registers.
· Developing and maintaining cyber risk management and reporting frameworks.
· Conducting various cyber risk assessments.
· Developing and delivering comprehensive risk reports that provide detailed insight into the current state of the organization's cyber risks.
· Performing cyber threat modeling and business impact analyses to ensure cyber assets are adequately protected with proper cyber security measures and controls.
· Managing cyber risk using GRC platforms.
· Developing KRIs and determining how to measure and report on KRIs.
· Collaborating with key internal and client business stakeholders to facilitate cyber risk analysis and informed decision-making.
· Ensuring that risk-based management decisions align with the laws and regulations applicable to our clients.
· A minimum of 8 to 10 years in cyber security, with a focus on cyber governance, risk management and compliance
· Must have hands-on experience conducting risk assessments and expertise in risk management
· Experienced in managing projects end to end
· Experienced in managing a team of other GRC professionals
· Bachelor’s or master’s degree in Information Systems, Engineering or other technical discipline, or equivalent work experience
· At least one security and compliance certification: CISSP, CISM, CISA, CRISC
· Bilingual: English mandatory, Arabic a plus
· Strong written and verbal communication skills; ability to provide updates to directors and VPs; adept at building relationships with internal teams and external partners
· Ability to operate in a complex, fast-paced environment with interdependencies spanning multiple work streams, teams, business divisions, geographic sectors, time zones and languages
· At least 6 years’ experience with Microsoft, SAP, Oracle, IBM Security and other GRC systems
· Broad knowledge of various security and compliance fields (enterprise applications, infrastructure, integrations, digital, etc.)
· Experience with common information security and compliance frameworks such as HIPAA, PIPA, ISO, ITIL and COBIT, as well as familiarity with applicable legal and regulatory frameworks
· Proficient in MS Office (Word, PowerPoint and Excel) and SharePoint