The Governance, Risk, and Compliance (GRC) team member will be reporting to the Head of Information Security and is responsible for supporting and enhancing the organization’s efforts to ensure adherence to policies, regulatory requirements, and industry security best practices. This role involves coordinating, executing, and overseeing various tasks related to governance, risk management, and compliance to protect the organization's assets, reputation, and ensure operational effectiveness.
The GRC specialist will work together with the Security Operations Leader, Security Operations Engineer, and QIMA internal stakeholders to meet the objectives of the audit requirements, identify risks present in the group, and to assess non-conformities and non-compliance against the organization’s Information Security Management System Policy and align the remediation plan with target dates against the respective owners.
The GRC specialist must have a good understanding of the different security and data privacy laws and regulations and industry security best practices with the ability to apply these standards to the QIMA environment.
Key Responsibilities:
- Governance:
- Develop, implement, and maintain policies, procedures, and frameworks to support QIMA’s organizational governance objectives.
- Foster a culture of security, compliance and ethical behavior within the organization.
- Conduct regular assessments and audits of governance processes to identify areas for improvement.
- Risk Management:
- Identify, assess, and prioritize risks for remediation that may impact the organization’s operations and overall security posture.
- Develop risk mitigation strategies and monitor their effectiveness, until closure.
- Maintain a risk register and ensure all risks are documented, evaluated, and tracked.
- Collaborate with various departments to create and implement risk management plans.
- Compliance:
- Stay up to date with changing regulations and assess their impact on the organization.
- Work with the Data Privacy Office and Legal teams to ensure the organization complies with all relevant laws, regulations, and standards.
- Conduct regular internal reviews and identify non-conformities against QIMA’s Information Security Management System Policy that needs to be addressed.
- Deploy regular security awareness to all employees and work with training team for security trainings and programs to be delivered to QIMA.
- Documentation and Reporting:
- Maintain accurate records of GRC activities, including policy documents, risk assessments, and compliance reports.
- Prepare and present reports on governance, risk, and compliance activities to senior management and the board of directors.
- Document incidents and breaches and manage remediation actions.
- Collaboration and Communication:
- Liaise with Security, IT, Compliance, Legal, HR, and other departments and stakeholders to ensure cohesive compliance and risk management efforts.
- Act as a point of contact for regulatory bodies, auditors and client security requirements.
- Provide guidance and support to all QIMA employees on GRC-related matters.