-
Starlink Qatar

Governance, Risk, and Compliance (GRC) Specialist

Starlink Qatar
Qatar · Full-time · Mid-Senior

We are seeking an experienced Information Security Governance, Risk & Compliance (GRC) Specialist to strengthen the organization's cybersecurity governance framework and ensure compliance with local and international regulatory requirements. The successful candidate will be responsible for driving information security governance initiatives, managing enterprise security risks, maintaining compliance with industry standards, supporting audits, and ensuring the effectiveness of security controls across the organization.


This role requires strong expertise in ISO 27001, Qatar National Information Assurance (NIA), PCI-DSS, data privacy, risk management, and internal control frameworks, while working closely with business stakeholders, technology teams, auditors, and regulators.


Key Responsibilities


Information Security Governance


  • Support the implementation, maintenance, and continual improvement of the organization's Information Security Management System (ISMS) aligned with ISO/IEC 27001.
  • Develop, review, and maintain information security policies, standards, procedures, and governance documentation.
  • Monitor compliance with internal security policies, regulatory requirements, and industry best practices.
  • Promote security governance and security awareness across the organization.


Risk Management


  • Conduct enterprise information security risk assessments across technology, applications, infrastructure, cloud services, and business processes.
  • Maintain the organization's cybersecurity risk register and ensure timely risk treatment activities.
  • Facilitate risk identification workshops with business and technology stakeholders.
  • Monitor risk mitigation plans and provide regular reporting to management.


Compliance Management


Lead and support compliance initiatives related to:


  • ISO/IEC 27001
  • Qatar National Information Assurance (NIA)
  • PCI-DSS
  • Data Privacy and Protection requirements
  • Perform compliance assessments, control reviews, gap analyses, and remediation tracking.
  • Coordinate certification readiness activities and ensure ongoing compliance.


Audit & Assurance


  • Coordinate internal audits, external audits, certification audits, and regulatory assessments.
  • Prepare audit evidence and validate documentation supporting security controls.
  • Review technical evidence from infrastructure, cloud environments, applications, security platforms, and business systems to determine control effectiveness.
  • Track audit findings and ensure timely remediation and closure.


Internal Controls


  • Support ICOFR (Internal Controls over Financial Reporting) reviews and control testing activities.
  • Coordinate remediation efforts with business and technology teams.
  • Ensure security controls align with financial reporting and governance requirements.


Reporting & Stakeholder Management


  • Prepare executive dashboards, governance reports, compliance reports, audit reports, and cybersecurity risk reports.
  • Present findings, recommendations, and compliance status to senior management and key stakeholders.
  • Work collaboratively with internal teams, external auditors, regulators, and third-party service providers.
  • Provide guidance on governance, risk, and compliance best practices across the organization.


Required Qualifications


  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Information Security, Risk Management, or a related discipline.
  • 5–8 years of experience in Information Security Governance, Risk Management, Compliance, Internal Controls, Information Security Audit, or Cybersecurity.
  • Hands-on experience implementing, maintaining, or managing Information Security Management Systems (ISMS) based on ISO/IEC 27001.
  • Proven experience implementing and maintaining compliance with the Qatar National Information Assurance (NIA) framework.
  • Experience managing PCI-DSS compliance, including gap assessments, remediation planning, certification readiness, and audit support.
  • Strong understanding of Data Privacy and Protection requirements, privacy risk assessments, and personal data handling controls.
  • Experience conducting information security risk assessments, developing risk treatment plans, and maintaining risk registers.
  • Experience supporting ICOFR assessments, internal control testing, remediation activities, and audit coordination.
  • Experience coordinating internal audits, external audits, certification audits, and regulatory compliance assessments.
  • Strong knowledge of evaluating audit evidence from technology platforms, cloud environments, security tools, infrastructure, applications, and business systems.
  • Experience working with Governance, Risk & Compliance (GRC) platforms and compliance management tools is an advantage.
  • Excellent analytical, documentation, reporting, communication, presentation, and stakeholder management skills.
  • Ability to produce executive-level dashboards, compliance reports, governance reports, and risk reports.


Preferred Certifications


One or more of the following certifications are preferred:


  • ISO/IEC 27001:2022 Lead Auditor
  • ISO/IEC 27001:2022 Lead Implementer
  • Certified Information Security Manager (CISM)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Systems Security Professional (CISSP)


Key Competencies


  • Information Security Governance
  • Cybersecurity Risk Management
  • Enterprise Risk Assessment
  • ISO/IEC 27001 ISMS
  • Qatar National Information Assurance (NIA)
  • PCI-DSS Compliance
  • Data Privacy & Protection
  • Internal Controls (ICOFR)
  • Information Security Audit
  • Regulatory Compliance
  • Governance, Risk & Compliance (GRC)
  • Security Policies & Standards
  • Audit Management
  • Compliance Monitoring
  • Gap Analysis
  • Risk Registers
  • Control Assessment
  • Executive Reporting
  • Stakeholder Management
  • Technical Documentation

Key Skills

Ranked by relevance

cybersecurity cloud dss cism
Login to Apply
Posted
Jul 05, 2026
Type
Full-time
Level
Mid-Senior
Location
Doha

Industries

Information Services Computer Network Security Technology Information Media

Categories

Information Technology

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
Starlink Qatar
Related

IT Security Audit & Compliance Specialist

2026-05-24

Full-time
Mid-Senior
Qatar
Information Services
Information Technology
View Job Details
Starlink Qatar
Related

Network Operations Center Team Lead

2026-06-19

Full-time
Mid-Senior
Qatar
Technology
Information Technology
View Job Details
Starlink Qatar
Related

Security Lead (MSSP)

2026-06-19

Full-time
Mid-Senior
Qatar
Computer
Management