Governance, Risk, and Compliance (GRC) Specialist

Lahore, Pakistan

Tkxel


We are seeking a motivated and detail-oriented Governance, Risk, and Compliance (GRC) Specialist to join our team. The ideal candidate will bring 3–5 years of experience in GRC with a strong focus on policy drafting, risk assessments, compliance management, and implementation of best practices. This role involves ensuring that the organization complies with relevant regulations, standards, and internal policies while maintaining robust governance and risk frameworks.

Policy Development and Documentation:

    • Draft, review, and maintain technical policies, procedures, and guidelines, ensuring they comply with standards like ISO 27001, NIST, GDPR, and other regulatory requirements.
    • Collaborate with technical teams to incorporate operational details into policies.
    • Customize policies to address specific organizational risks and business requirements.

Risk Management:

    • Assist in identifying and assessing risks related to information security, privacy, and regulatory compliance.
    • Recommend mitigation strategies and monitor their implementation.
    • Contribute to the development of risk treatment plans and control documentation.
    • Maintain a risk register and provide regular updates to leadership.

Compliance Management:

    • Ensure adherence to relevant laws, regulations, and standards (e.g., ISO 27001, GDPR, PCI-DSS, SOC2).
    • Participate in internal and external audits to ensure adherence to established policies and regulatory frameworks.
    • Track compliance gaps and coordinate remediation efforts with relevant stakeholders.

Training and Awareness:

    • Develop and deliver training sessions and materials to educate employees and stakeholders on policies, compliance requirements, and best practices.
    • Conduct periodic awareness campaigns to reinforce the importance of governance, risk, and compliance across the organization.
    • Monitor the effectiveness of training programs and update content as needed based on feedback and evolving compliance needs.

Monitoring and Reporting:

    • Monitor the effectiveness of governance, risk, and compliance programs.
    • Prepare reports for senior management and stakeholders on GRC metrics and compliance status.

Cross-functional Collaboration:

    • Work closely with IT, legal, operations, and other teams to ensure integrated compliance and risk management efforts.
Requirements

  • Bachelor’s degree in Information Security, Business Administration, Legal Studies, or a related field.
  • 3–5 years of experience in GRC roles, with a focus on policy drafting and compliance management.
  • In-depth knowledge of regulatory standards such as GDPR, ISO 27001, PCI-DSS, SOX, and CPRA.
  • Strong understanding of risk management frameworks and methodologies (e.g., COSO, COBIT, NIST, CMMC, and other relevant frameworks).
  • Proficiency in GRC tools and platforms is a plus.

Key Skills and Attributes:

  • Excellent written and verbal communication skills, with the ability to draft clear and concise policies.
  • Strong analytical and problem-solving skills.
  • Ability to manage multiple tasks and meet deadlines in a fast-paced environment.
  • High attention to detail and a commitment to maintaining organizational integrity.
  • Ability to work independently and collaboratively across teams.

Preferred Certifications (Desirable but not Mandatory):

  • Certified Information Systems Auditor (CISA) / Certified Information Security Manager (CISM).
  • Certified in Risk and Information Systems Control (CRISC).
  • ISO 27001 Lead Implementer/Auditor.
  • Certified in Governance of Enterprise IT (CGEIT).
  • Data Protection Officer (DPO) Certification.