ITHR Technologies Consulting LLC

Cybersecurity Governance, Risk & Compliance (GRC) Specialist

ITHR Technologies Consulting LLC  •  Dubai, AE (Hybrid)  •  2 hours ago

Job Description

Job Title

Cybersecurity GRC Specialist

Location

Dubai, UAE (Hybrid / Onsite)

Employment Type

Full-Time

About ProofOps

ProofOps is a cybersecurity services company focused on strengthening digital resilience through managed security operations, incident response, vulnerability management, penetration testing, threat intelligence, attack surface management, and cybersecurity consulting services. The company helps organizations establish robust security programs, manage cyber risk, and maintain compliance with industry standards and regulatory requirements.

We are seeking an experienced Cybersecurity Governance, Risk & Compliance (GRC) Specialist to lead and support cybersecurity governance initiatives, risk management programs, compliance assessments, and security framework implementation across client environments.

The ideal candidate will possess strong knowledge of cybersecurity standards, regulatory requirements, risk assessment methodologies, and information security governance practices. This role will work closely with clients, technical teams, and business stakeholders to ensure cybersecurity risks are effectively managed and compliance obligations are met.

Key Responsibilities

Governance & Security Frameworks

Develop, implement, and maintain cybersecurity governance programs.

Establish and manage Information Security Management Systems (ISMS).

Support implementation and maturity assessments for frameworks such as:

ISO 27001

NIST Cybersecurity Framework (CSF)

NIST 800-53

CIS Controls

PCI DSS

GDPR

UAE Information Assurance Standards

NIS2 and other regional regulatory requirements where applicable.

Develop cybersecurity policies, procedures, standards, and guidelines.

Risk Management

Conduct enterprise cybersecurity risk assessments.

Perform risk identification, analysis, treatment, and reporting.

Maintain organizational risk registers and risk treatment plans.

Facilitate business impact assessments and control effectiveness reviews.

Present risk findings and recommendations to management and clients.

Compliance & Audit Management

Conduct compliance gap assessments and readiness reviews.

Support internal and external audits.

Coordinate evidence collection and remediation activities.

Track compliance obligations and regulatory requirements.

Develop compliance dashboards and executive reports.

Third-Party & Vendor Risk Management

Perform vendor security assessments.

Review supplier compliance and security controls.

Manage third-party risk remediation activities.

Support procurement and due diligence security reviews.

Security Awareness & Advisory

Deliver cybersecurity awareness and governance workshops.

Provide strategic cybersecurity guidance to clients and stakeholders.

Assist organizations in developing security roadmaps and compliance strategies.

Support virtual CISO (vCISO) engagements when required.

Reporting & Metrics

Prepare executive-level risk and compliance reports.

Develop and track cybersecurity KPIs and KRIs.

Monitor compliance status across multiple frameworks and client environments.

Required Qualifications

Education

Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.

Experience

4–8 years of experience in Cybersecurity Governance, Risk & Compliance.

Experience conducting risk assessments and compliance audits.

Hands-on experience implementing security governance frameworks.

Experience working within consulting, MSSP, SOC, or cybersecurity service environments is preferred.

Technical Knowledge

Information Security Governance

Enterprise Risk Management

Cybersecurity Risk Assessments

Compliance Auditing

Security Policy Development

Third-Party Risk Management

Business Continuity & Disaster Recovery

Security Awareness Programs

Vulnerability and Risk Reporting

Frameworks & Standards

Strong working knowledge of:

ISO 27001 / ISO 27002

NIST CSF

NIST 800-53

CIS Controls

PCI DSS

GDPR

SOC 2

UAE Cybersecurity Regulations

Cloud Security Governance (AWS, Azure, GCP)

Preferred Certifications

One or more of the following certifications are highly desirable:

CISSP

CISM

CRISC

ISO 27001 Lead Implementer

ISO 27001 Lead Auditor

CISA

PCI DSS ISA/QSA (preferred)

CCSK or CCSP

Key Competencies

Excellent analytical and problem-solving skills

Strong stakeholder management abilities

Executive-level communication and presentation skills

Risk-based decision-making mindset

Strong documentation and reporting capabilities

Ability to manage multiple client engagements simultaneously

High attention to detail and compliance requirements

About ITHR Technologies Consulting LLC

ITHR 360 Consulting and ITHR Technologies Consulting exemplify professionalism, reliability, and resourcefulness in delivering tailored workforce management and technology solutions for businesses of all sizes. Our commitment to excellence drives us to offer premier recruitment and IT consulting services in competitive markets. With a focus on innovation, cost-effectiveness, and integrity, we prioritize the needs of our clients and talent, while upholding the highest professional standards across both HR and technology sectors. We tailor our solutions to meet the specific needs of every client, proudly offering premier recruitment services in a highly competitive market. Our dedication lies in providing innovative, comprehensive, and cost-effective services, all while maintaining the highest standards of integrity and professionalism, always prioritizing the needs of our clients and potential talents.

Industry: IT & Software
Company Size: 1-10 employees
Headquarters: Dubai, AE
Year Founded: 2024