GRC Specialist

Aurex Inc is looking for a seasoned GRC professional. As an integral member of the GRC Implementation team, the responsibility of this role is to carry out the implementation of GRC system for our customers related to policy compliance, security requirements governance, as well as risk management.

The ideal candidate will have knowledge of risk management, security and privacy practices and be an effective communicator, both written and verbal.

Key Responsibilities:

• Develop and participate in the implementation of client initiatives focused on the reduction of technology risk, governance, and compliance to policies and external regulatory compliance.
• Evaluating business and IT risks.
• Developing IT security standards, procedures, and controls to manage risks. Improve client security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
• Evaluation of information security threats and their impact on clients' IT environment.
• Supporting senior team members, assisting with the analysis of requirements and design of clients' information security posture, as well as legal, regulatory, and scheme security requirements.
• Supporting senior team members in the delivery of work streams for clients in compliance standards such as PCI DSS, ISO27001, EU GDPR, and Bahrain PDPL and incident management disciplines.
• Performing and investigating internal and external information security risk and exception assessments. Assessing incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
• Documenting and reporting control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
• Staying current on best practices and technological advancements and acting as a technical resource for security assessment and regulatory compliance.

• 3- 5 years experience in IT Governance, Risk & Compliance.
• Understanding of ISO 27001, PCI DSS, ITIL, ITSM, and COBIT standards preferred.
• Experience with risk management principles and associated methodologies.
• Ideally will have a CEH, CISSP, CISA, or CISM qualification.
• Proven ability to make sound pragmatic decisions and judgments under tight timelines.
• Strong interpersonal and influencing skills with the ability to influence and drive change in a collaborative way both internally and externally.