GRC Analyst (Governance, Risk & Compliance)

APPIT Software Inc.

Posted on 9 Apr

Experience

4 - 9 Years

Education

Any Graduation

Nationality

Any Nationality

Gender

Not Mentioned

Vacancy

1 Vacancy

Job Description

Roles & Responsibilities

Responsibilities

  • Manage and maintain compliance programs across ISO 27001, SOC 2, NESA, and GDPR frameworks
  • Conduct enterprise risk assessments, maintain the risk register, and track risk treatment plans to completion
  • Coordinate internal and external audit activities, manage evidence collection, and ensure timely remediation of findings
  • Develop, review, and update information security policies, standards, and procedures aligned with business objectives
  • Perform third-party vendor risk assessments and manage the vendor security review lifecycle
  • Prepare compliance reports and risk dashboards for executive leadership and board-level stakeholders

Requirements

  • 4+ years of experience in GRC, IT audit, or information security compliance roles
  • Strong working knowledge of ISO 27001/27002, SOC 2, NIST CSF, and regional frameworks (NESA IAS)
  • Experience managing audit cycles end-to-end including scoping, evidence collection, and remediation tracking
  • Understanding of risk management methodologies (FAIR, NIST RMF, ISO 31000)
  • Familiarity with GRC platforms such as ServiceNow GRC, OneTrust, or Archer
  • Excellent written and verbal communication skills with the ability to translate technical risks for business audiences

Nice to Have

  • CISA, CRISC, or ISO 27001 Lead Auditor certification
  • Experience with UAE NESA and DIFC data protection regulations
  • Knowledge of PCI DSS compliance requirements

Skills

  • ISO 27001
  • SOC 2
  • Risk Assessment
  • Audit Management
  • NIST CSF
  • Vendor Risk Management
  • Policy Development

Keywords

  • GRC Analyst (Governance, Risk & Compliance)

APPIT Software Inc.

Drive governance, risk, and compliance programs across multiple frameworks, managing audits and risk assessments for APPIT Software Solutions in Dubai.

https://www.appitsoftware.com/careers/grc-analyst-governance-risk-compliance-dubai