Digital Risk GRC Expert (m/f/d)
Posting Start Date: 17/06/2025
Job Description

Find your purpose at KPMG Luxembourg 

Join a team of diverse and dedicated problem solvers, connected by a common cause: to turn insight into opportunity for clients and communities around the world. If you are eager to learn, are interested in growing rapidly and strive to make an impact in a diverse environment, you're in the right place at the right time. 

Learn more about Careers at KPMG Luxembourg

Join our dynamic Information Security team as a Digital Risk GRC Expert and play a key role in shaping the firm’s security and compliance strategy. This is your opportunity to drive real impact by helping us manage risk, stay ahead of regulatory challenges, and build a best-in-class governance, risk, and compliance program. You will work cross-functionally with business and technical teams to implement robust frameworks that ensure resilience, regulatory alignment, and business continuity.

What you will be working on
Lead Risk & Compliance Initiatives

  • Drive the development and deployment of technical security standards and tools to proactively mitigate information security risks.
  • Lead the identification and treatment of non-conformities and exceptions related to security policies, ISO27001 norms, and GDPR compliance.
  • Conduct thorough compliance assessments and provide guidance on regulatory and contractual requirements.
  • Review contracts with a security lens and contribute to client RFPs by ensuring compliance and security excellence in all deliverables.
Build and Strengthen Governance Frameworks

  • Develop a scalable risk decision-making framework to prioritize focus areas and support informed decisions.
  • Partner with key stakeholders (Information Security Officer, NITSO, QRMP) to align governance efforts and embed security into the business.
  • Monitor evolving regulations and industry standards to ensure ongoing compliance and adapt security policies accordingly.
Enhance Risk Management Capability

  • Design and implement a Risk Management Framework using ISO27005 standards and associated tools.
  • Perform regular risk assessments, track compliance metrics, and drive continuous improvement.
  • Provide insights and support for internal and external audits, as well as third-party security evaluations.

What we look for
Your Background

  • Master’s degree in IT or a related field, with a specialization in Information Security.
  • Minimum of 6 years of hands-on experience in information security, including at least 2 years focused on compliance and/or risk management.

Your Skills and Knowledge

  • Deep understanding of ISMS and ISO 27001 implementation.
  • Proficient in Information Security Risk Management methodologies (ISO27005).
  • Solid knowledge of IT systems including infrastructure, software development, and data protection.
  • Certifications such as ISO27001 Lead Implementer and ISO27005 Risk Manager are essential.
  • CISSP, CISM, or similar credentials are a strong plus.
  • Strong project management capabilities and the ability to lead cross-functional initiatives.
Your Personal Strengths

  • Meticulous, analytical, and results-driven.
  • Exceptional communication, writing, and documentation skills.
  • Comfortable engaging with stakeholders at all levels and presenting complex ideas with clarity.
  • A proactive and independent mindset, with the ability to collaborate effectively in a team setting.
  • A client-focused and business-oriented approach to solving security challenges.

What you will get

We offer more than just a job. With our flexible work model, you can work, rest and recharge. Our competitive compensation packages, paid time off, recognition bonuses and dedicated programs for personal development and well-being help to keep you refreshed and motivated.  

We will accompany you on a journey of professional growth, offering an expansive spectrum of prospects to elevate your career in Luxembourg, an emerging financial center. Feel a sense of belonging by enjoying year-round celebrations and engaging events that bring us all together. 

Join our next generation 

Apply now to start your recruitment journey at KPMG Luxembourg!  
#FindYourPurposeAtKPMG #TeamBlue 

By submitting your resume and application information, you authorize KPMG to transmit and store your information in the KPMG recruitment database, and to circulate that information as necessary for the purpose of evaluating your qualifications for this or other job vacancies. 

KPMG is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. Our recruiting decisions are based on your experience and skills.