Cybersecurity Governance Risk And Compliance GRC Specialist

Job Description: Cybersecurity Governance, Risk & Compliance (GRC) Specialist

Job Title

Cybersecurity GRC Specialist

Location

Dubai, UAE (Hybrid / Onsite)

Employment Type

Full-Time

About ProofOps

ProofOps is a cybersecurity services company focused on strengthening digital resilience through managed security operations, incident response, vulnerability management, penetration testing, threat intelligence, attack surface management, and cybersecurity consulting services. The company helps organizations establish robust security programs, manage cyber risk, and maintain compliance with industry standards and regulatory requirements.

Role Overview

We are seeking an experienced Cybersecurity Governance, Risk & Compliance (GRC) Specialist to lead and support cybersecurity governance initiatives, risk management programs, compliance assessments, and security framework implementation across client environments.

The ideal candidate will possess strong knowledge of cybersecurity standards, regulatory requirements, risk assessment methodologies, and information security governance practices. This role will work closely with clients, technical teams, and business stakeholders to ensure cybersecurity risks are effectively managed and compliance obligations are met.

Key Responsibilities

Governance & Security Frameworks

Develop, implement, and maintain cybersecurity governance programs.

Establish and manage Information Security Management Systems (ISMS).

Support implementation and maturity assessments for frameworks such as:

ISO 27001

NIST Cybersecurity Framework (CSF)

NIST 800-53

CIS Controls

PCI DSS

GDPR

UAE Information Assurance Standards

NIS2 And Other Regional Regulatory Requirements Where Applicable.

Develop cybersecurity policies, procedures, standards, and guidelines.

Risk Management

Conduct enterprise cybersecurity risk assessments.

Perform risk identification, analysis, treatment, and reporting.

Maintain organizational risk registers and risk treatment plans.

Facilitate business impact assessments and control effectiveness reviews.

Present risk findings and recommendations to management and clients.

Compliance & Audit Management

Conduct compliance gap assessments and readiness reviews.

Support internal and external audits.

Coordinate evidence collection and remediation activities.

Track compliance obligations and regulatory requirements.

Develop compliance dashboards and executive reports.

Third-Party & Vendor Risk Management

Perform vendor security assessments.

Review supplier compliance and security controls.

Manage third-party risk remediation activities.

Support procurement and due diligence security reviews.

Security Awareness & Advisory

Deliver cybersecurity awareness and governance workshops.

Provide strategic cybersecurity guidance to clients and stakeholders.

Assist organizations in developing security roadmaps and compliance strategies.

Support virtual CISO (vCISO) engagements when required.

Reporting & Metrics

Prepare executive-level risk and compliance reports.

Develop and track cybersecurity KPIs and KRIs.

Monitor compliance status across multiple frameworks and client environments.

Required Qualifications

Education

Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.

Experience

4–8 years of experience in Cybersecurity Governance, Risk & Compliance.

Experience conducting risk assessments and compliance audits.

Hands-on experience implementing security governance frameworks.

Experience working within consulting, MSSP, SOC, or cybersecurity service environments is preferred.

Technical Knowledge

Information Security Governance

Enterprise Risk Management

Cybersecurity Risk Assessments

Compliance Auditing

Security Policy Development

Third-Party Risk Management

Business Continuity & Disaster Recovery

Security Awareness Programs

Vulnerability and Risk Reporting

Frameworks & Standards

Strong working knowledge of:

ISO 27001 / ISO 27002

NIST CSF

NIST 800-53

CIS Controls

PCI DSS

GDPR

SOC 2

UAE Cybersecurity Regulations

Cloud Security Governance (AWS, Azure, GCP)

Preferred Certifications

One or more of the following certifications are highly desirable:

CISSP

CISM

CRISC

ISO 27001 Lead Implementer

ISO 27001 Lead Auditor

CISA

PCI DSS ISA/QSA (preferred)

CCSK or CCSP

Key Competencies

Excellent analytical and problem-solving skills

Strong stakeholder management abilities

Executive-level communication and presentation skills

Risk-based decision-making mindset

Strong documentation and reporting capabilities

Ability to manage multiple client engagements simultaneously

High attention to detail and compliance requirements