Governance, Risk and Compliance Officer

We are looking to hire a skilled GRC officer who will be responsible for assessing the effectiveness, efficiency, and security of our IT systems, while ensuring compliance against industry standards, best practices, and internal processes and procedures. As part of his duties, he will be responsible for overseeing compliance with and reporting to Management on how to mitigate possible risk.

Responsibilities

• Develop, review, monitor, and implement the company's information security management system, including processes, policies, systems, and procedures, and continuously improve the ISMS to keep up with changing regulatory requirements and industry best practices.
• Develop, review, and monitor the Firm's business continuity & disaster recovery plan and identify potential risks areas and ensure steps are taken to mitigate same.
• Investigate and report violations of processes, procedures and regulatory standards across the operations of the Firm including but not limited to engineering and operations departments with effective action plans in response to discoveries and compliance violations.
• Build an internal audit plan and schedule to cover all aspects as per the management needs.
• Prepare internal audit reports detailing findings, recommendations, and corrective actions.
• Plan and conduct regular audits and assessments to identify areas of non-compliance and develop corrective action plans.
• Monitor and report on compliance issues, including data breaches, security incidents, and regulatory changes, and take appropriate actions to address them.
• Ensure that compliance-related issues are communicated effectively to the leadership team and the board of directors.
• Provide guidance and training employees on security & compliance-related topics, based on the best practices and industry standards.
• Foster a culture of compliance within the organization, where all employees understand the importance of compliance and their role in maintaining it.
• Liaise with external auditors and regulators as necessary to demonstrate compliance with relevant laws and regulations.
• Collaborate with cross-functional teams to ensure that compliance & ISMS requirements are integrated into all aspects of software development, project management and operations, etc.
• Migrate, manage, and excel the GRC tasks to a well-known GRC tool.
• Perform and manage an enterprise risk assessment across the organization, based on a defined risk management policy, and procedure.
• Work closely with all departments on risk management tasks, including identification & mitigation of risks.
• Work closely with all departments on their new tools and software's to make sure it follows ProgressSoft vision, policies, and to reflect on any required changes to the current processes and internal controls.
• Ability to read and understand third party agreements from Clients & assess the level of risk acceptance towards security terms and conditions.
• Ability to perform third party risk assessments (Vendor & Client).  
• Understand the internal workflows and procedures, assess any areas for improvement.

Requirements:

• Bachelor's degree in computer science or any related field.
• Minimum of 1-2 years' experience in areas related to Governance, Compliance Officer, IT Auditor or Information Technology Risk Management.
• Strong knowledge of IT auditing principles, practices, and frameworks (e.g., GRCP, COBIT, ISO 27001, or related discipline).
• Familiarity with security frameworks and compliance requirements (e.g., ISO27001, GDPR, PADSS).
• Familiarity of cybersecurity & compliance regulations across Middle East countries (e.g. Jordan/ UAE/ Oman/ Kuwait/ Qatar etc.).
• Proficiency in risk and audit tools and methodologies.
• Provide insights for informed decision-making.
• Excellent analytical, critical thinking and problem-solving skills.
• Excellent reporting and presentation skills.
• Exposure to IT Governance and its activities.
• Ability to work independently and as part of a team.
• Ability to multi-task, pay attention to details and meet deadlines.

Performance goal/KPI

• Ensure staff members comply with all laid down processes and procedures.
• Presentation to the top management and as may be required.
• Ensure Staff members comply with the of technology at all levels.
• Submission of timely and regular reporting to Management on the status of progress and achievements.