Specialist - Information Security GRC

Dubai, United Arab Emirates. Posted: 23 Jul 2025

Financial

  • Estimate: $100k - $150k*
  • Zero income tax location

Accessibility

  • Office Only
  • Apply from abroad
  • Visa Provided

Requirements

  • Experience: Senior
  • English: Fluent

Position

About the Job:
The role supports the organization’s cybersecurity governance, risk management, and compliance activities by coordinating and executing Governance, Risk, and Compliance (GRC) processes. This ensures alignment with regulatory requirements, industry standards, and internal policies, ultimately strengthening the organization's security posture.

Key Responsibilities:

  • Develop, implement, and maintain information security governance frameworks, policies, and procedures.
  • Conduct risk assessments and facilitate risk management activities, including identification, evaluation, and mitigation of security risks.
  • Support compliance efforts with relevant regulations and standards such as DESC ISR, ISO 27001, NIST, GDPR, PCI-DSS, and others.
  • Manage and coordinate internal and external audits related to information security and compliance.
  • Maintain the organization's risk register and track remediation plans to closure.
  • Collaborate with IT, legal, and business units to embed GRC best practices across the organization.
  • Prepare and present risk and compliance reports for senior management and key stakeholders.
  • Facilitate training and awareness programs to promote understanding of information security policies and compliance requirements.
  • Support the assessment, monitoring, and mitigation of vendor and third-party risks to ensure compliance with organizational policies and regulatory requirements.
  • Monitor emerging regulations, standards, and industry trends related to cybersecurity governance and compliance.
  • Coordinate and document business impact assessments (BIAs) and support the development of security risk treatment plans.
  • Participate in the design and implementation of security metrics and KPIs to measure compliance and control effectiveness.
  • Assist in the evaluation and implementation of GRC tools and automation solutions.

Qualifications:

  • Bachelor's Degree in Information Security, Cybersecurity, Information Technology, or a related field.
  • Fluent in English.
  • Minimum of 7 years' experience in information security governance, risk management, and compliance, preferably in regulated industries such as aviation or banking.
  • Proven skills in risk assessments, audit support, policy implementation, and hands-on third-party risk management.
  • Familiarity with standards such as DESC ISR, ISO 27001, NIST, and GDPR is essential.
  • Relevant certifications preferred (e.g., CISM, CRISC, CISA, CISSP).

Competencies:

  • Customer Focus
  • Teamwork
  • Effective Communication
  • Personal Accountability & Commitment to Achieve
  • Resilience & Flexibility (Can-do attitude)

ISR Requirements:
Reads and complies with the ISR policies of the Company and diligently reports any weaknesses or incidents to the respective Line Manager or the Information Security team. Completes all required ISR awareness sessions and follows associated guidelines in day-to-day business operations.
