GRC Consultant

Company Overview:
Securseed InfoSec is a leading cybersecurity firm that provides cutting-edge solutions to protect our clients' digital assets and sensitive information. In addition to our technical capabilities, we deliver robust Governance, Risk, and Compliance (GRC) services tailored to highly regulated industries such as banking and financial services, healthcare, telecommunications, and government sectors. Our GRC practice enables organisations to align with international standards like ISO 27001, ISO 22301, and NIST, while also meeting regional regulatory requirements such as:
UAE Information Assurance Standards (UAE IAS)
UAE cybersecurity standards and guidelines established by the National Electronic Security Authority (NESA)
We provide end-to-end support in ISMS and BCMS audits, compliance gap assessments, risk assessments, policy and procedure development, and audit readiness—enabling our clients to achieve regulatory compliance and reduce business risk effectively.
Job Overview:
We are seeking an experienced Governance, Risk & Compliance (GRC) professional to join our team. The ideal candidate will have extensive expertise in conducting ISO/IEC 27001:2022 Information Security Management System (ISMS) audits, with a deep understanding of Annex A controls, their evidence requirements, and audit methodologies. In addition, the candidate should possess significant experience in Business Continuity Management Systems (BCMS) implementation, audits, and best practices aligned with ISO 22301 standards. You will be responsible for conducting follow-up audits, performing gap assessments, and delivering high-quality, professional audit and assessment reports.
Key Responsibilities:
· Plan, execute, and report on ISO 27001:2022 ISMS audits across organizational functions.
· Assess implementation and effectiveness of Annex A controls, identifying gaps and recommending corrective actions.
· Define and evaluate the evidence requirements for each ISO 27001 control, guiding internal teams to collect appropriate documentation and records.
· Perform gap assessments, risk assessments, and internal audits for ISMS and BCMS.
· Provide subject matter expertise in ISO 22301 (Business Continuity Management System), including designing and testing Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs).
· Collaborate with business units to ensure compliance with relevant security and business continuity standards and regulatory requirements.
· Develop, review, and enhance policies, procedures, and frameworks to strengthen the organization's GRC posture.
· Prepare detailed audit reports and present findings to senior management and stakeholders.
· Prepare and deliver professionally written reports with actionable findings and clear summaries.
· Collaborate with internal teams and stakeholders to communicate risks, gaps, and proposed improvements.
· Support the design and enhancement of security governance processes as required.
Qualifications:
· Minimum 6 years of experience in Information Security, GRC, or Risk & Compliance roles.
· In-depth knowledge of ISO/IEC 27001:2022 standard and Annex A controls.
· Strong understanding of audit techniques, evidence gathering, and compliance verification methods.
· Hands-on experience in BCMS (ISO 22301), including business impact analysis (BIA), risk assessment, and continuity planning.
· Familiarity with UAE regulatory frameworks including NESA IA Standards, UAE Data Protection Law, and Central Bank Information Security Regulations is highly desirable.
· Familiarity with other standards such as NIST CSF, ISO 27005, or local regulatory frameworks is a plus.
· Strong analytical and documentation skills, with the ability to write professional audit/assessment reports.
· Excellent communication and stakeholder engagement skills.
· Relevant certifications such as ISO 27001 Lead Auditor / Lead Implementer, ISO 22301 Lead Auditor, CISA, or CISM are highly desirable.
Contract Type & Duration:
· Contract-based engagement, duration to be discussed during the interview.
· Possibility of extension or further engagement based on project needs and performance.
Join our dedicated team and play a pivotal role in strengthening our cybersecurity governance framework by driving compliance, managing risk, and ensuring adherence to international standards like ISO 27001 and ISO 22301. If you're passionate about information security, risk management, and regulatory compliance, and possess the necessary expertise, we invite you to apply and make a meaningful impact.
To apply, please submit your resume to

---