
Consultant - GRC

malomatia · Doha, QAT · 1 week ago · Mid-Senior · Full-time

About This Role

Job Description

Key Outcomes (What success looks like)

  • Corporate GRC requests are triaged, tracked, delivered, and reported with clear SLAs and priorities.
  • Policies/standards/procedures are usable, enforced, and updated—not shelfware.
  • Risk and compliance reporting is accurate, timely, and defensible for leadership and auditors.
  • Client deliverables are clean, structured, and aligned to agreed frameworks (e.g., QCSF/NIA, ISO 27001, NIST).
  • Stakeholders respect the function because you add clarity and control, not bureaucracy.

Responsibilities

  • Corporate GRC Operations (High-Volume Request Handling)
      • Act as the single point of accountability for BU GRC operations: intake, triage, prioritization, execution, and closure.
      • Build and run a GRC request pipeline (ticketing/backlog/kanban), including SLAs, dependencies, and status reporting.
      • Challenge vague requests: convert noise into clear scope, deliverables, owners, and deadlines.
      • Enforce governance through decisions and escalation.
  • Governance (Policies, Standards, Internal Controls)
      • Develop and maintain BU security governance artifacts: policies, standards, procedures, baselines, templates.
      • Ensure governance aligns with corporate requirements and applicable regulations, with traceability to controls/frameworks.
      • Drive policy adoption via implementation guidance, control owners, and periodic attestations.
      • Produce executive-friendly outputs: dashboards, governance reports, action trackers.
  • Risk Management (Practical, Not Theoretical)
      • Own the BU risk register: identification, assessment, scoring, treatment plans, and acceptance workflows.
      • Run risk workshops with IT/Operations/Projects to capture real risks and convert them into actions.
      • Manage risk exceptions/waivers (justification, compensating controls, approval, expiry, re-validation).
      • Track remediation progress, validate evidence, and report risk movement over time.
  • Compliance & Audit Execution (Evidence-Driven)
      • Lead BU readiness for internal/external audits: evidence collection, control testing coordination, gap closure plans.
      • Maintain compliance mapping for relevant frameworks (e.g., ISO 27001/27002, NIST CSF/800-53, CIS Controls, local frameworks such as QCSF/NIA when applicable).
      • Coordinate with Legal/HR/IT/Procurement on compliance topics (privacy, records, access controls, vendor risk).
      • Produce audit artifacts: SoA, control matrices, evidence packs, CAPA plans.
  • Third-Party & Supplier Risk
      • Execute/coordinate third-party security assessments: questionnaires, evidence review, risk ratings, remediation follow-up.
      • Support contract/security clauses review with Procurement/Legal.
      • Maintain supplier risk records and ensure closure of high/critical findings.
  • Client-Facing GRC Delivery (Part-Time Allocation)
      • Contribute to client assessments and advisory engagements: maturity assessments, gap analysis, compliance roadmaps, risk registers, policies, and reporting.
      • Support delivery managers/project leads with structured, reusable deliverables and strong documentation quality.
      • Participate in client meetings/workshops and translate discussions into actionable outputs.
  • Metrics, Reporting, and Leadership Communication
      • Run recurring reporting: GRC KPIs/KRIs, compliance status, audit readiness, top risks, overdue actions.
      • Brief BU leadership with clear recommendations, decisions needed, and escalation items.
      • Maintain transparency: stakeholders should always know what’s in progress, blocked, overdue, and why.

Qualifications

Required Experience & Qualifications

  • 8 years in cybersecurity GRC, risk management, compliance, or audit-heavy security roles.
  • Proven experience running governance documentation end-to-end (policy → adoption → evidence).
  • Solid understanding of security frameworks and control-based approaches: ISO 27001/27002, NIST CSF/800-53, CIS Controls (and QCSF/NIA if in Qatar context).
  • Experience with audits (internal/external), evidence management, and remediation tracking.
  • Strong stakeholder management across technical and non-technical teams.

Tools & Delivery Skills

  • Advanced documentation and structuring: MS Word/PowerPoint, clean formatting, executive summaries.
  • Strong Excel skills for trackers and reporting (risk registers, matrices, dashboards).
  • Familiarity with GRC tooling
  • Ability to manage workflows in Jira/ServiceNow/Planner/Trello or similar.

About Malomatia

malomatia is a leading Qatar-based IT services and solutions provider, bringing together top Qatari and international talent to deliver innovative, end-to-end technology solutions that empower clients to achieve their strategic goals.

Our mission

Empowering Qatar’s businesses and governments to leap into the digital future with agile, knowledge-driven solutions.

Our vision

To become Qatar’s trusted knowledge partner in digital transformation, disrupting industries, shaping the future, and building a world-class tech ecosystem.

Driving change that makes a real impact

Since 2008, malomatia has been driving Qatar’s digital transformation through innovative, ISO-certified IT solutions. With expertise across key public and private sectors, we empower the nation’s vision with advanced services in cloud, cybersecurity, AI, and contact center excellence, elevating the role of technology in shaping Qatar’s sustainable future.

About The Team

Established in 2008, malomatia is a Qatari leader in IT services and digital transformation. We serve key sectors including Government, Healthcare, Education, Customs, and Transportation, delivering impactful solutions that support national development goals. Powered by a diverse team of skilled Qatari and international IT professionals, we deliver innovative, high-value digital solutions tailored to the unique needs of our clients.

Our mission is to inspire customers to thrive through digital excellence, and we envision becoming the trusted partner of choice in building a smarter society through technology and talent. We are driven by core values that define our culture and approach: ownership, integrity, empathy, teamwork, transparency, agility, excellence, trust, and innovation.

Join us in shaping the future of technology in Qatar
