We are seeking an experienced Information Security Governance, Risk & Compliance (GRC) Specialist to strengthen the organization's cybersecurity governance framework and ensure compliance with local and international regulatory requirements. The successful candidate will be responsible for driving information security governance initiatives, managing enterprise security risks, maintaining compliance with industry standards, supporting audits, and ensuring the effectiveness of security controls across the organization.
This role requires strong expertise in ISO 27001, Qatar National Information Assurance (NIA), PCI-DSS, data privacy, risk management, and internal control frameworks, while working closely with business stakeholders, technology teams, auditors, and regulators.
Key Responsibilities
Information Security Governance
- Support the implementation, maintenance, and continual improvement of the organization's Information Security Management System (ISMS) aligned with ISO/IEC 27001.
- Develop, review, and maintain information security policies, standards, procedures, and governance documentation.
- Monitor compliance with internal security policies, regulatory requirements, and industry best practices.
- Promote security governance and security awareness across the organization.
Risk Management
- Conduct enterprise information security risk assessments across technology, applications, infrastructure, cloud services, and business processes.
- Maintain the organization's cybersecurity risk register and ensure timely risk treatment activities.
- Facilitate risk identification workshops with business and technology stakeholders.
- Monitor risk mitigation plans and provide regular reporting to management.
Compliance Management
Lead and support compliance initiatives related to:
- ISO/IEC 27001
- Qatar National Information Assurance (NIA)
- PCI-DSS
- Data Privacy and Protection requirements
- Perform compliance assessments, control reviews, gap analyses, and remediation tracking.
- Coordinate certification readiness activities and ensure ongoing compliance.
Audit & Assurance
- Coordinate internal audits, external audits, certification audits, and regulatory assessments.
- Prepare audit evidence and validate documentation supporting security controls.
- Review technical evidence from infrastructure, cloud environments, applications, security platforms, and business systems to determine control effectiveness.
- Track audit findings and ensure timely remediation and closure.
Internal Controls
- Support ICOFR (Internal Controls over Financial Reporting) reviews and control testing activities.
- Coordinate remediation efforts with business and technology teams.
- Ensure security controls align with financial reporting and governance requirements.
Reporting & Stakeholder Management
- Prepare executive dashboards, governance reports, compliance reports, audit reports, and cybersecurity risk reports.
- Present findings, recommendations, and compliance status to senior management and key stakeholders.
- Work collaboratively with internal teams, external auditors, regulators, and third-party service providers.
- Provide guidance on governance, risk, and compliance best practices across the organization.
Required Qualifications
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Information Security, Risk Management, or a related discipline.
- 5–8 years of experience in Information Security Governance, Risk Management, Compliance, Internal Controls, Information Security Audit, or Cybersecurity.
- Hands-on experience implementing, maintaining, or managing Information Security Management Systems (ISMS) based on ISO/IEC 27001.
- Proven experience implementing and maintaining compliance with the Qatar National Information Assurance (NIA) framework.
- Experience managing PCI-DSS compliance, including gap assessments, remediation planning, certification readiness, and audit support.
- Strong understanding of Data Privacy and Protection requirements, privacy risk assessments, and personal data handling controls.
- Experience conducting information security risk assessments, developing risk treatment plans, and maintaining risk registers.
- Experience supporting ICOFR assessments, internal control testing, remediation activities, and audit coordination.
- Experience coordinating internal audits, external audits, certification audits, and regulatory compliance assessments.
- Strong knowledge of evaluating audit evidence from technology platforms, cloud environments, security tools, infrastructure, applications, and business systems.
- Experience working with Governance, Risk & Compliance (GRC) platforms and compliance management tools is an advantage.
- Excellent analytical, documentation, reporting, communication, presentation, and stakeholder management skills.
- Ability to produce executive-level dashboards, compliance reports, governance reports, and risk reports.
Preferred Certifications
One or more of the following certifications are preferred:
- ISO/IEC 27001:2022 Lead Auditor
- ISO/IEC 27001:2022 Lead Implementer
- Certified Information Security Manager (CISM)
- Certified in the Governance of Enterprise IT (CGEIT)
- Certified Information Systems Security Professional (CISSP)
Key Competencies
- Information Security Governance
- Cybersecurity Risk Management
- Enterprise Risk Assessment
- ISO/IEC 27001 ISMS
- Qatar National Information Assurance (NIA)
- PCI-DSS Compliance
- Data Privacy & Protection
- Internal Controls (ICOFR)
- Information Security Audit
- Regulatory Compliance
- Governance, Risk & Compliance (GRC)
- Security Policies & Standards
- Audit Management
- Compliance Monitoring
- Gap Analysis
- Risk Registers
- Control Assessment
- Executive Reporting
- Stakeholder Management
- Technical Documentation
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
IT Security Audit & Compliance Specialist
2026-05-24
Network Operations Center Team Lead
2026-06-19
Security Lead (MSSP)
2026-06-19
- Posted
- Jul 05, 2026
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Doha
- Company
- Starlink Qatar
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
IT Security Audit & Compliance Specialist
2026-05-24
Network Operations Center Team Lead
2026-06-19
Security Lead (MSSP)
2026-06-19