Manager GRC - IT Risk and Cyber Security
edari · Dubai, United Arab Emirates
قدّم وتابع مع أبلاي إيدجWe are looking to hire a Manager GRC - IT Risk and Cyber Security who will be responsible for driving technology governance, compliance assurance, audit readiness, and risk oversight initiatives for our semi-government client based in Dubai – one of the largest organisations in the region.This position is a long term annually renewable contract role and sits within the Information Technology Department, reporting directly to the Head of GRC – Technology.We are specifically seeking a hands-on GRC practitioner with strong day-to-day experience working on the ServiceNow GRC platform, not just oversight or advisory exposure.The ideal candidate will play a key operational role in configuring, managing, and continuously improving the GRC platform, while also driving policy, compliance, and risk management initiatives across the organisation.This role requires someone who can bridge technical GRC tooling with real-world risk and compliance execution, ensuring that governance frameworks are not only defined but actively embedded and monitored across systems and processes.Key ResponsibilitiesOwn and operate the ServiceNow GRC platform on a day-to-day basis, including configuration, module management, and continuous enhancementManage and operationalise key GRC modules within ServiceNow, including Policy & Compliance Management, Risk Management,Third-Party Risk Management (TPRM) and Regulatory Change Management.Ensure accurate and real-time reporting dashboards are maintained within the platform for leadership and governance forumsTranslate compliance and risk requirements into practical workflows, controls, and automated monitoring within ServiceNowAlign technology governance and compliance activities with recognised standards such as ISO 27001, ISO 20000, ISO 42000, COBIT, and ITILLead ISO framework implementation and ongoing compliance maturity initiatives, including control mapping and gap assessmentsDefine and manage the technology compliance roadmap, including policy lifecycle planning and audit readinessOwn the end-to-end policy lifecycle (drafting, review, approval, implementation, and governance within systems)Coordinate internal and external audits, ensuring evidence is system-driven, traceable, and audit-readyMonitor and enforce operational controls such as Access and identity management, Change management processes, Backup and recovery controls and CMDB governanceDrive risk identification, assessment, and mitigation activities, ensuring alignment between business, IT, and compliance stakeholdersSupport governance and compliance requirements for emerging technologies (e.g., AI/ML) and evolving regulatory landscapesKnowledge, Skills & Experience10+ years’ experience in technology risk, IT compliance, or GRC roles within large enterprise environmentsStrong hands-on experience with ServiceNow GRC is mandatory (candidates without practical platform ownership will not be considered)Proven experience in configuring, managing, and operating GRC tools, not just using them for reporting or trackingDemonstrated experience managing:Policy & compliance frameworksRisk registers and assessmentsThird-party/vendor riskRegulatory change processesSolid experience in ISO implementations (e.g., ISO 27001, ISO 20000, ISO 42000), including audits and certification cyclesStrong understanding of COBIT, ITIL, and enterprise IT control environmentsExperience in audit coordination with clear ownership of remediation tracking and closureAbility to translate technical risks into clear, actionable insights for business stakeholdersStrong technical acumen combined with operational execution capabilityRelevant certifications such as ISO 27001 Lead Auditor/Implementer, CRISC, CISSP, CISM, CISA, ITIL, or COBIT are highly preferredAvailabilityPreference will be given to candidates who are immediately available or on short notice (30 days or less)