GRC Analyst (Governance, Risk & Compliance)

Manage and maintain compliance programs across ISO 27001, SOC 2, NESA, and GDPR frameworks Conduct enterprise risk assessments, maintain the risk register, and track risk treatment plans to completion Coordinate internal and external audit activities, manage evidence collection, and ensure timely remediation of findings Develop, review, and update information security policies, standards, and procedures aligned with business objectives Perform third-party vendor risk assessments and manage the vendor security review lifecycle Prepare compliance reports and risk dashboards for executive leadership and board-level stakeholders Requirements 4+ years of experience in GRC, IT audit, or information security compliance roles Strong working knowledge of ISO 27001/27002, SOC 2, NIST CSF, and regional frameworks (NESA IAS)

managing audit cycles end-to-end including scoping, evidence collection, and remediation tracking Understanding of risk management methodologies (FAIR, NIST RMF, ISO 31000) Familiarity with GRC platforms such as ServiceNow GRC, OneTrust, or Archer Excellent written and verbal communication skills with the ability to translate technical risks for business audiences Nice to Have CISA, CRISC, or ISO 27001 Lead Auditor certification Experience with UAE NESA and DIFC data protection regulations Knowledge of PCI DSS compliance requirements Skills ISO 27001SOC 2Risk AssessmentAudit ManagementNIST CSFVendor Risk ManagementPolicy Development