Senior GRC (governance, risk & compliance) specialist

Closing on: Dec 25, 2026

We invite applications from suitably qualified individuals for the post of Senior GRC (governance, risk & compliance) specialist. The selected candidate will report to the Head of cyber security operations.

Responsibilities

  1. Delivering GRC consultancy services including data classification consultation, policy development, gap analysis, risk assessments, privacy assessments, ISO 27001 implementation, PDPA consultation, and BCMS implementation.
  2. Supporting internal compliance initiatives by developing, maintaining, and reviewing organisational policies, procedures, and controls in line with relevant standards and regulatory requirements.
  3. Collaborating with cross-functional teams to integrate GRC practices into broader business and IT processes, enhancing overall governance and security posture.
  4. Staying informed about evolving regulations, compliance trends, and cybersecurity threats – providing strategic recommendations for continuous improvement.
  5. Mentoring and guiding junior GRC analysts in their professional development, fostering a culture of knowledge sharing and continuous learning within the team.

Requirements

  1. 3-7 years of experience in a GRC role or similar, with a focus on information security, risk management, and compliance. In-depth understanding of GRC frameworks such as ISO 27001, ISO 27701, PDPA, NIST, and relevant industry standards.
  2. Proven experience in conducting risk assessments, internal audits, and compliance reviews, with a track record of leading successful initiatives.
  3. Extensive knowledge of data protection laws such as GDPR, with hands-on experience ensuring regulatory compliance.
  4. Strong understanding of security controls and risk mitigation strategies, with the ability to develop practical solutions.
  5. Excellent analytical, organisational, and communication skills, with the ability to convey complex concepts to a variety of audiences.
  6. Proven ability to work independently and lead cross-functional teams effectively.
  7. Professional certifications such as CISA, CISM, CRISC, ISO 27001 lead implementer/auditor, or equivalent are highly desirable.
  8. Bachelor’s degree in information security, IT, or a related field; advanced degrees are a plus.

Benefits

  1. Competitive compensation: Attractive salary and a comprehensive benefits package.
  2. Cutting-edge exposure: Exposure to cutting-edge technologies and high-impact projects.
  3. Inclusive culture: A dynamic and inclusive environment where your ideas and contributions are genuinely valued.
  4. Career advancement: Opportunities for growth and professional development in a rapidly evolving industry.

About the company

Connex Information Technologies (Pvt) Ltd is a leading technology services and solutions distributor, dedicated to helping organizations navigate complex and evolving landscapes.

When applying

If you’re up for the challenge, please send your resume to [email protected] or click on the advert to apply. Please state the position you’re interested in in the subject line of your email.

Company: Connex Information Technologies Pte Ltd
Company email: [email protected]
Job Location: Colombo
Job Category: Cybersecurity / Information Security
Job Type: Full Time
