Governance, Risk, and Compliance (GRC) Specialist
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
QatarEnergy LNG seeks a GRC Specialist to manage information security audits, compliance programs, and risk management. The role requires 5-8 years of experience in cybersecurity governance, ISO 27001, and PCI-DSS.
Key Skills for This Role
Responsibilities
- Develop and maintain IT security audit and compliance programs
- Plan, coordinate, and execute information security audit activities
- Conduct security compliance audits for systems, networks, and applications
- Monitor cybersecurity maturity and compliance posture
- Identify security risks, vulnerabilities, and compliance gaps
- Prepare audit reports and compliance status updates for management
- Liaise with internal and external audit teams
Requirements
- Bachelor's degree in IT, Computer Science, Cybersecurity, or related field
- 5 8 years of experience in Information Security Governance, Risk Management, Compliance, or Audit
- Hands on experience with ISO 27001 ISMS implementation
- Experience with Qatar NIA framework
- Experience with PCI DSS compliance and certification
- Knowledge of data privacy and protection requirements
- Experience conducting information security risk assessments
- Experience with ICOFR reviews and audits
- Experience with GRC platforms is an advantage
- Preferred certifications: CISA, CISSP, CISM, CGEIT, ISO 27001 Lead Auditor
Full Job Posting
Job Overview
- The IT Security Audit & Compliance Specialist manages information security audits, compliance programs, cybersecurity governance, and risk management.
- The role ensures compliance with security standards, regulatory requirements, data protection policies, and internal governance frameworks.
Key Responsibilities
- Develop and maintain comprehensive IT security audit and compliance programs.
- Plan, coordinate, and execute information security audit activities.
- Define audit scope, objectives, methodologies, and work plans.
- Develop and implement audit test plans for systems, applications, infrastructure, and cloud environments.
- Conduct security compliance audits for critical systems, networks, and applications.
- Maintain audit schedules, documentation, evidence collection, and reporting processes.
- Ensure timely closure of audit findings, non compliance issues, and remediation activities.
- Ensure compliance with organizational policies, regulatory requirements, contractual obligations, and security standards.
- Monitor cybersecurity maturity and compliance posture across operational and technical environments.
- Build and maintain controls matrices aligned with multiple security and compliance frameworks.
- Identify security risks, vulnerabilities, and compliance gaps, and recommend corrective actions.
- Conduct vulnerability and compliance assessments and coordinate remediation activities.
Qualifications & Experience
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Information Security, Risk Management, or related discipline.
- 5–8 years of experience in Information Security Governance, Risk Management, Compliance, Internal Controls, Audit, or Cybersecurity.
- Hands on experience in implementing, managing, or maintaining ISMS based on ISO/IEC 27001.
- Experience in Qatar NIA framework implementation, compliance monitoring, control assessment, and audit readiness.
- Experience in PCI DSS compliance and certification implementation.
- Knowledge of Data Privacy and Protection requirements.
- Proven experience conducting information security risk assessments, risk treatment planning, and maintaining risk registers.
- Experience supporting or coordinating ICOFR reviews, audits, control testing, and remediation activities.
- Experience coordinating internal audits, external audits, certification audits, and regulatory assessments.
- Knowledgeable in reviewing audit evidence from various technology platforms.
Technical Knowledge
- Strong understanding of information security frameworks and standards (ISO 27001/27002, NIST, CIS Benchmarks).
- Mandatory hands on knowledge of cloud security environments, IAM and PAM technologies, DLP solutions, and enterprise productivity and collaboration platforms.
Preferred Certifications
- CISA, CISSP, CISM, CGEIT, cloud security certifications, ISO 27001 Lead Auditor or equivalent.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Starlink Qatar
Senior Network Engineer – DNS, DHCP & IPAM
Doha, QAT
Starlink Qatar is seeking a Senior Network Engineer to support and manage a mission-critical enterprise DDI (DNS, DHCP, IPAM) environment. The role involves ensuring availability, security, and performance of DDI infrast
Service Consultant
Doha, QAT
Starlink Qatar is seeking a motivated Service Consultant for its field sales team, focusing on door-to-door sales of telecom products in Doha. The role involves prospecting, lead generation, and meeting sales targets. Ca
CCTV Infrastructure Specialist (Systems Engineer)
Doha, QAT
Starlink Qatar seeks a highly skilled CCTV Infrastructure Specialist to design, implement, and maintain critical CCTV surveillance systems and hyper-converged infrastructure (HCI). The role requires 5+ years of IT infras
Technical Project Manager
Doha, QAT
Starlink Qatar seeks an experienced Technical Project Manager to lead complex ICT infrastructure projects for enterprise and government customers. The role requires 8-12 years of project management experience in network
Head of Network Infrastructure Operations
Doha, QAT
Starlink Qatar seeks a Head of Network Infrastructure Operations to define and execute network infrastructure strategy, oversee 24/7 NOC operations, drive automation, and ensure security compliance. Requires 12-15 years
Technical Analyst
Doha, QAT
Starlink Qatar is hiring a Technical Analyst to support service delivery administrative operations. The role requires 3+ years of IT experience, bilingual English and Arabic skills, and proficiency in MS Office Suite.
Field Force Manager
Doha, QAT
Starlink Qatar seeks a Field Force Manager to lead Enterprise Field Operations in a 24x7 Telecom Managed Services environment. The role is accountable for end-to-end field service delivery, SLA/KPI achievement, workforce
Service Delivery Manager
Doha, QAT
Starlink Qatar is seeking a Service Delivery Manager to lead end-to-end delivery of Enterprise ICT Managed Services. The role requires 12+ years in telecom, 5+ years as SDM, and ITIL 4 MP/SL and PMP certifications. Respo
Senior Network Engineer – DNS, DHCP & IPAM
Doha, QAT
Service Consultant
Doha, QAT
CCTV Infrastructure Specialist (Systems Engineer)
Doha, QAT
Technical Project Manager
Doha, QAT
Head of Network Infrastructure Operations
Doha, QAT
Technical Analyst
Doha, QAT
Field Force Manager
Doha, QAT
Service Delivery Manager
Doha, QAT