GRC Implementation Consultant
- Talent Job Seeker
- Abu Dhabi
- Full-time
Job Description: GRC Implementation Consultant

Position Title: GRC Implementation Consultant
Department: Governance, Risk & Compliance
Reports To: Head of GRC

Role Summary

The GRC Implementation Consultant is responsible for planning, designing, implementing, and maturing Governance, Risk, and Compliance frameworks for clients. This role liaises with business units, IT, auditors, and leadership to identify and deploy policies, controls, risk assessments, compliance programs, and GRC tools. The consultant ensures that regulatory, industry, and internal compliance requirements are translated into actionable controls and measurable outcomes.

Key Responsibilities

1. GRC Framework Implementation
- Lead end-to-end implementation of GRC programs based on frameworks such as ISO 27001 and local regulations (e.g., UAE IA, TDRA, CSC, NCEMA).
- Develop and deploy governance structures, policies, standards, and procedures.
- Facilitate risk assessments (operational, IT, cybersecurity, vendor risk).
- Map risks to controls and recommend risk treatment plans.

2. Compliance & Audit Management
- Implement and monitor compliance programs to ensure adherence to regulatory and internal requirements.
- Conduct control assessments, maturity assessments, and internal audits.
- Support external audits by preparing evidence, documentation, and remediation plans.
- Track non-conformities, CAPA (Corrective Actions), and compliance KPIs.

3. Risk Management Activities
- Run enterprise, IT, cybersecurity, and vendor risk assessments.
- Maintain and update the enterprise risk register.
- Analyze threats, vulnerabilities, impact, and likelihood to calculate risk scores.
- Provide recommendations to mitigate or optimize risks.

4. Resilience and Business Continuity
- Design, implement, and maintain the Business Continuity Management System (BCMS), including Business Impact Analysis (BIA), Business Continuity & Recovery Planning, Crisis & Incident Management, Testing, Exercising & Maintenance, Training & Awareness, Compliance, Audit & Assurance.

5. Stakeholder Engagement & Advisory
- Conduct workshops, awareness sessions, and training for process owners.
- Collaborate with IT, Business, HR, Legal, Operations, and external auditors.
- Serve as a subject matter advisor on governance, cyber regulations, and best practices.

6. Documentation & Reporting
- Prepare detailed project documentation, implementation plans, and status reports.
- Develop SOPs, risk treatment plans, audit reports, and compliance dashboards.
- Report risk posture, compliance gaps, KRIs, and KPIs to management.

7. Project Management
- Manage the client engagement independently in terms of project plan, deliverables, and closure.

Required Qualifications

Education
- Bachelor's degree in information security, IT, Risk Management, or related field.

Certifications (Mandatory)
- ISO 27001 Lead Implementer or Lead Auditor
- ISO 22301 Lead Implementer or Lead Auditor

Certifications (Preferred)
- CRISC / CISM / CISSP
- ISO 31000 (ERM)

Skills & Competencies
- Strong knowledge of GRC frameworks and regulatory requirements.
- Excellent documentation and presentation skills.
- Strong analytical and problem-solving abilities.
- Ability to manage multiple clients, stakeholders, and projects.
- Experience conducting risk assessments and control design.
- Understanding of cybersecurity, IT processes, and audit methodologies.

Experience Requirements
- 3–8 years of experience in GRC implementation or consulting.
- Experience in implementing ISMS & BCMS on ISO 27001, ISO 22301, UAE IA, NCEMA, or equivalent frameworks.
- Practical experience leading audits, assessments, and GRC tool deployments.
- Experience in government/regulatory environments (e.g., UAE IA, NCEMA) is an advantage.

Key Deliverables
- GRC framework implementation roadmap
- Policies, standards, and procedures
- Risk registers and treatment plans
- Compliance assessments and audit reports
- GRC tool dashboards, workflows, and automation
- Training and awareness sessions

Soft Skills
- Leadership and influence without authority
- Ability to work under pressure and manage deadlines
- Strong stakeholder communication
- Attention to detail and structured thinking

Preference shall be given to those in the UAE and available to join immediately.
Place of work
Talent Job Seeker, Abu Dhabi, United Arab Emirates
About us
Identify the best talent with Talent Job Seeker
Job ID: 10497755 / Ref: 941f623d770302c1a5fdbb74ab5dd3da