GRC Implementation Consultant

Al Reem Group


Job location: Abu Dhabi - UAE

Monthly salary: Not disclosed
Date posted: Posted 1 hour ago
Number of vacancies: 1

Job Summary

Job Description: GRC Implementation Consultant

Position Title: GRC Implementation Consultant

Department: Governance Risk & Compliance

Reports To: Head of GRC

Role Summary

The GRC Implementation Consultant is responsible for planning, designing, implementing and maturing Governance, Risk and Compliance frameworks for clients. This role liaises with business units, IT, auditors and leadership to identify and deploy policies, controls, risk assessments, compliance programs and a GRC tool. The consultant ensures that regulatory, industry and internal compliance requirements are translated into actionable controls and measurable outcomes.

Key Responsibilities

1. GRC Framework Implementation

Lead end-to-end implementation of GRC programs based on frameworks such as ISO 27001 and local regulations (e.g. UAE IA, TDRA, CSC, NCEMA).

Develop and deploy governance structures, policies, standards and procedures.

Facilitate risk assessments (operational, IT, cybersecurity, vendor risk).

Map risks to controls and recommend risk treatment plans.

2. Compliance & Audit Management

Implement and monitor compliance programs to ensure adherence to regulatory and internal requirements.

Conduct control assessments, maturity assessments and internal audits.

Support external audits by preparing evidence, documentation and remediation plans.

Track non-conformities, CAPA (Corrective Actions) and compliance KPIs.

3. Risk Management Activities

Run enterprise, IT, cybersecurity and vendor risk assessments.

Maintain and update the enterprise risk register.

Analyze threats, vulnerabilities, impact and likelihood to calculate risk scores.

Provide recommendations to mitigate or optimize risks.

4. Resilience and Business Continuity

Design, implement and maintain the Business Continuity Management System (BCMS), including Business Impact Analysis (BIA); Business Continuity & Recovery Planning; Crisis & Incident Management; Testing, Exercising & Maintenance; Training & Awareness; Compliance, Audit & Assurance.

5. Stakeholder Engagement & Advisory

Conduct workshops, awareness sessions and training for process owners.

Collaborate with IT, Business, HR, Legal, Operations and external auditors.

Serve as a subject matter advisor on governance, cyber regulations and best practices.

6. Documentation & Reporting

Prepare detailed project documentation, implementation plans and status reports.

Develop SOPs, risk treatment plans, audit reports and compliance dashboards.

Report risk posture, compliance gaps, KRIs and KPIs to management.

7. Project Management

Manage the client engagement independently in terms of project plan, deliverables and closure.

Required Qualifications

Education

Bachelor's degree in information security, IT, Risk Management or related field.

Certifications (Mandatory)

ISO 27001 Lead Implementer or Lead Auditor

ISO 22301 Lead Implementer or Lead Auditor

Certifications (Preferred)

CRISC / CISM / CISSP

ISO 31000 (ERM)

Skills & Competencies

Strong knowledge of GRC frameworks and regulatory requirements.

Excellent documentation and presentation skills.

Strong analytical and problem-solving abilities.

Ability to manage multiple clients, stakeholders and projects.

Experience conducting risk assessments and control design.

Understanding of cybersecurity, IT processes and audit methodologies.

Experience Requirements

38 years of experience in GRC implementation or consulting.

Experience in implementing ISMS & BCMS on ISO 27001, ISO 22301, UAE IA, NCEMA or equivalent frameworks.

Practical experience leading audits, assessments and GRC tool deployments.

Experience in government/regulatory environments (e.g. UAE IA NCEMA) is an advantage.

Key Deliverables

GRC framework implementation roadmap

Policies, standards and procedures

Risk registers and treatment plans

Compliance assessments and audit reports

GRC tool dashboards, workflows and automation

Training and awareness sessions

Soft Skills

Leadership and influence without authority

Ability to work under pressure and manage deadlines

Strong stakeholder communication

Attention to detail and structured thinking

Preference shall be given to those in the UAE and available to join immediately.


Required Skills

  • Children's activities
  • Online marketing
  • Land surveying
  • Accounting
  • Gynecologic pathology
  • Fashion marketing

About the Company

Al Reem Group is the UAE’s leading business brand, and umbrella for its subsidiaries to achieve its vision of promoting alternative investment in a new model, that is different from traditional models in the economic sector and it is contributing to the management of many successful c ...