ASSOCIATE ARCHITECT - GRC/DRAC

Governance Risk and Compliance Analyst need To Have experience working with governance, risk, and compliance (GRC) tools such as ServiceNow, Archer, or Remedy and should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, PDPL, DPDPA, HIPAA, PCI DSS, and GDPR.

ITAC , ITGC , NIST CSF , NIST RMF

Conduct Periodic Assesments and Ensure Compliance To SAMA , NESA,GDPR , Master Directions On Digital Payments , Outsourcing .

Respond To Ad-hoc Requests From Regulators Including RBI , SAMA and CB UAE.

Handle Projects For Compliance against cyber Security Frameworks .

Manage IT security risk, ensuring compliance with standards (ISO 27001, SOC 2, GDPR, NIST), and implementing security policies.

Conducting gap analysis and implementing frameworks and standards.

Developing mechanisms to align with the adoption and usage of current and emerging technologies.

Risk & Compliance Assessment: Identify vulnerabilities and assess compliance against frameworks .

Audit & Control Testing: Manage internal/external audit responses, test effectiveness of security controls ( TOD , TOE) and document evidence.

Policy Management: Develop, document, and update IT policies, standards, and procedures.

Vendor Risk Management: Assess the security posture of third-party vendors , Supplier Assurance Reviews , Materiality Assesments .

Security Awareness : Conduct Security Awareness Trainings , Run phishing simulations and track metrics.

Project Management : Implement And Track Closure of Actions Plans For Audit related Observations.

5-7+ years in information security, specifically in GRC or IT audit.

Framework Knowledge: Strong understanding of NIST CSF, ISO 27001, GDPR, SOX, or HIPAA.

Technical Knowledge: Understanding of network infrastructure, cloud security (AWS/Azure), Application Security , Cyber security , TPRM is a Must.

Certifications: Preferred certifications include CISSP, CISA, CRISC, or CISM.

Digital Risk Consulting, HIPAA, SOX ITGC, PCI DSS v3.2