Job description
About the Role:
As a Cybersecurity GRC Manager based in the United Arab Emirates, you will lead the development, implementation, and oversight of our Governance, Risk, and Compliance framework. You will ensure alignment with regional and international standards, drive risk assessment and remediation activities, manage GRC tool deployments, engage with regulatory bodies, and build a strong security culture through leadership and training.

Responsibilities:
- Develop and maintain the Cybersecurity GRC framework aligned with ISO 27001, NIST CSF, COBIT, NCA ECC, SAMA CSF, and UAE IA Standards
- Conduct enterprise-wide risk assessments and business impact analyses to identify, evaluate, and prioritize security risks
- Design, implement, and update information security policies, standards, and procedures
- Lead the implementation and optimization of GRC tools including ServiceNow GRC, MetricStream, and Archer
- Monitor compliance with UAE regulatory requirements and engage with local regulatory bodies
- Coordinate and deliver organization-wide security awareness training programs
- Develop and track GRC metrics and dashboards to report on program performance
- Manage, mentor, and develop a high-performing GRC team
- Collaborate with IT, legal, audit, and business stakeholders to integrate GRC processes into business operations
- Stay current on emerging cybersecurity regulations, best practices, and industry trends in the UAE

Required Qualifications:
- 8–12 years of hands-on experience in cybersecurity GRC roles
- Deep technical knowledge of ISO 27001, NIST CSF, COBIT, NCA ECC, SAMA CSF, and UAE IA Standards
- Proven experience conducting risk assessments and business impact analyses
- Strong expertise in developing and implementing information security policies and procedures
- Hands-on experience implementing and managing ServiceNow GRC, MetricStream, and Archer platforms
- Demonstrated ability to engage with regulatory bodies and ensure compliance with regional regulations
- Experience designing and delivering security awareness training programs
- Proven leadership skills with experience managing and mentoring teams
- Excellent communication, stakeholder management, and presentation skills

Preferred Qualifications:
- Certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer
- Experience with additional GRC platforms or custom tool integrations
- Advanced degree in Cybersecurity, Information Security, or a related field
- Familiarity with other compliance frameworks such as PCI DSS or GDPR
- Prior experience in the financial services or government sector within the UAE