IT Risk, Governance and Compliance; GRC – Senior Executive

Responsibilities

• Develop, maintain, and enforce IT policies, standards, and procedures.
• Define and manage the IT governance framework aligned with business objectives.
• Develop and maintain IT risk management methodologies and processes.
• Conduct regular IT risk assessments, identifying threats, vulnerabilities, and control gaps.
• Maintain an IT risk register and track mitigation actions.
• Perform Business Impact Analysis (BIA) and support Disaster Recovery/BCP planning.
• Ensure compliance with internal and external requirements (ISO 27001, GDPR, SOC2, local regulations, etc.).
• Coordinate and support internal and external audits.
• Track remediation of audit findings and compliance issues.
• Evaluate third‑party risks and maintain vendor risk assessments.
• Ensure vendors comply with security and contractual requirements.
• Drive the company’s preparation and compliance for international standards and certifications (e.g., ISO 27001, SOC 2, Cyber Trust Mark by CSA).
• Promote a culture of IT risk awareness across the firm.

• At least 2 to 5 years of relevant experience in IT Governance, IT Audit and Risk Management.
• Experience with IT frameworks such as ISO 27001, COBIT, NIST, CIS Benchmarks, or ITIL.
• Experience with governance platforms or GRC tools (e.g. Drata, GRC, Archer, One Trust).
• Strong understanding of IT processes, systems, networks, and infrastructure.
• Able to work independently, good communication skills, multi-task, and a team player.
• Excellent documentation and report‑writing skills.
• Willingness to learn new frameworks and adapt to compliance changes.