Consultant - GRC

Job in Doha, Baladīyat ad Dawḩah, Qatar
Listing for: Malomatia
Part Time position
Listed on 2026-02-28
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Information Security, IT Business Analyst
Salary/Wage Range or Industry Benchmark: 400000 - 600000 QAR Yearly

Overview

Corporate GRC requests are triaged, tracked, delivered, and reported with clear SLAs and priorities. Policies/standards/procedures are usable, enforced, and updated—not shelfware. Risk and compliance reporting is accurate, timely, and defensible for leadership and auditors. Client deliverables are clean, structured, and aligned to agreed frameworks (e.g., QCSF/NIA, ISO 27001, NIST). Stakeholders respect the function because you add clarity and control, not bureaucracy.

Responsibilities

1) Corporate GRC Operations (High-Volume Request Handling)

  • Act as the single point of accountability for BU GRC operations: intake, triage, prioritization, execution, and closure.
  • Build and run a GRC request pipeline (ticketing/backlog/kanban), including SLAs, dependencies, and status reporting.
  • Challenge vague requests: convert noise into clear scope, deliverables, owners, and deadlines.
  • Enforce governance through decisions and escalation.

2) Governance (Policies, Standards, Internal Controls)

  • Develop and maintain BU security governance artifacts: policies, standards, procedures, baselines, templates.
  • Ensure governance aligns with corporate requirements and applicable regulations, with traceability to controls/frameworks.
  • Drive policy adoption via implementation guidance, control owners, and periodic attestations.
  • Produce executive-friendly outputs: dashboards, governance reports, action trackers.

3) Risk Management (Practical, Not Theoretical)

  • Own the BU risk register: identification, assessment, scoring, treatment plans, and acceptance workflows.
  • Run risk workshops with IT/Operations/Projects to capture real risks and convert them into actions.
  • Track remediation progress, validate evidence, and report risk movement over time.

4) Compliance & Audit Execution (Evidence-Driven)

  • Lead BU readiness for internal/external audits: evidence collection, control testing coordination, gap closure plans.
  • Maintain compliance mapping for relevant frameworks (e.g., ISO 27001/27002, NIST CSF/800-53, CIS Controls, local frameworks such as QCSF/NIA when applicable).
  • Coordinate with Legal/HR/IT/Procurement on compliance topics (privacy, records, access controls, vendor risk).

5) Third-Party & Supplier Risk

  • Execute/coordinate third-party security assessments: questionnaires, evidence review, risk ratings, remediation follow-up.
  • Support contract/security clauses review with Procurement/Legal.
  • Maintain supplier risk records and ensure closure of high/critical findings.

6) Client-Facing GRC Delivery (Part-Time Allocation)

  • Contribute to client assessments and advisory engagements: maturity assessments, gap analysis, compliance roadmaps, risk registers, policies, and reporting.
  • Support delivery managers/project leads with structured, reusable deliverables and strong documentation quality.
  • Participate in client meetings/workshops and translate discussions into actionable outputs.

7) Metrics, Reporting, and Leadership Communication

  • Brief BU leadership with clear recommendations, decisions needed, and escalation items.
  • Maintain transparency: stakeholders should always know what’s in progress, blocked, overdue, and why.

Qualifications

Required Experience & Qualifications

  • 8 years in cybersecurity GRC, risk management, compliance, or audit-heavy security roles.
  • Solid understanding of security frameworks and control-based approaches: ISO 27001/27002, NIST CSF/800-53, CIS Controls (and QCSF/NIA if in Qatar context).
  • Experience with audits (internal/external), evidence management, and remediation tracking.
  • Strong stakeholder management across technical and non-technical teams.

Tools & Delivery Skills

  • Advanced documentation and structuring: MS Word/PowerPoint, clean formatting, executive summaries.
  • Strong Excel skills for trackers and reporting (risk registers, matrices, dashboards).
  • Familiarity with GRC tooling.
  • Ability to manage workflows in Jira/ServiceNow/Planner/Trello or similar.

About Us

About Malomatia

malomatia is a leading Qatar-based IT services and solutions provider, bringing together top Qatari and international talent to deliver innovative, end-to-end technology solutions that empower clients to achieve their strategic goals.

Our mission

Empowering Qatar’s…
