The IT GRC Specialist will be responsible for developing, implementing, and maintaining the IT governance, risk management, and compliance framework within CEQUENS. This role requires a deep understanding of IT security principles, regulatory requirements, and risk management practices. The ideal candidate will possess strong analytical skills, attention to detail, and the ability to communicate effectively with stakeholders at all levels.

Key Roles and Responsibilities:

1. Governance:

• Develop and maintain IT governance policies, procedures, and standards in alignment with industry best practices and regulatory requirements.
• Implement governance frameworks such as COBIT, ISO 27001, NIST, SOC 2, PCI etc., to ensure effective IT governance across the organization.
• Coordinate with key stakeholders to establish IT governance committees and facilitate regular meetings to review IT policies and procedures.

2. Risk Management:

• Conduct risk assessments and identify potential threats and vulnerabilities within the IT infrastructure.
• Develop risk mitigation strategies and action plans to address identified risks.
• Monitor and track risk mitigation activities to ensure timely resolution and compliance with established policies and procedures.

3. Compliance:

• Stay current on relevant laws, regulations, and industry standards related to IT security and compliance in align with SAUDI Arabia CITC and SAMA, Egypt NTRA and Central bank, Europe .
• Conduct compliance assessments to evaluate adherence to regulatory requirements and internal policies.
• Prepare compliance reports and documentation for regulatory audits and reviews.

4. Security Awareness:

• Collaborate with the IT security team to develop and deliver training programs on IT governance, risk management, and compliance.
• Promote a culture of security awareness and compliance throughout the organization.

5. Continuous Improvement:

• Monitor industry trends and emerging technologies to identify opportunities for improving IT GRC practices.
• Proactively recommend enhancements to IT policies, procedures, and controls to strengthen the overall security posture of the organization.