GRC Implementation Specialist

  • Full-time
  • 1x Vacant
  • Competitive + Benefits

At PDI Partners, we are seeking a highly structured and strategic GRC Implementation Specialist to join our Technology Advisory practice. In this role, you will bridge the gap between high-level regulatory mandates and on-the-ground technical operations, helping our enterprise clients build sustainable, scalable Governance, Risk, and Compliance programs.

Responsibilities:

  • Framework Operationalization: Design, document, and implement comprehensive GRC frameworks aligned with global standards (NIST CSF, ISO 27001/27005, COBIT) and regional mandates (UAE NESA, SAMA Cybersecurity Framework, CBUAE).
  • Control Design: Translate complex regulatory requirements into practical, measurable IT General Controls (ITGC) and operational procedures for enterprise IT teams.
  • Platform Architecture & Automation: Assist clients in evaluating, architecting, and optimizing top-tier GRC and IRM platforms (such as RSA Archer, MetricStream, ServiceNow GRC, AuditBoard, or OneTrust) to automate control testing and continuous monitoring, always maintaining our strictly vendor-agnostic advisory stance.
  • Risk Assessments: Conduct end-to-end cyber risk assessments, gap analyses, and third-party vendor risk management (TPRM) reviews.
  • Data Governance & Privacy: Support the implementation of data protection programs to ensure compliance with regional privacy laws (e.g., UAE PDPL).
  • Stakeholder Enablement: Conduct risk workshops and training sessions to embed a culture of security and compliance across client organizations.

Requirements:

  • Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field.
  • Minimum of 3-5 years of dedicated experience in Cyber GRC, Technology Risk, or IT Audit.
  • Required Certifications: Must hold or be actively pursuing premier industry certifications such as CRISC, CISA, CISM, or CDPSE.
  • Vendor Ecosystem Experience: Proven hands-on experience deploying, configuring, or auditing major enterprise GRC/IRM solutions (e.g., MetricStream, RSA Archer, ServiceNow, Diligent/Galvanize).
  • Deep, practical expertise in mapping out control matrices and writing enterprise-grade security policies and procedures.
  • Proven experience navigating the GCC regulatory landscape (NESA, SAMA, NCA) is highly preferred.
  • Exceptional stakeholder management skills, with the ability to lead risk discussions with both technical engineers and business-unit leaders.

What We Offer:

  • A competitive compensation package tailored to your expertise, complete with comprehensive benefits.
  • The agility and autonomy of a specialized advisory boutique—step out of the “Big-4 machine” and directly own your project deliverables.
  • Exposure to complex, high-stakes enterprise environments across the UAE, KSA, US, and Australia.
  • A dedicated commitment to your professional growth, including funded certification paths and continuous training in emerging tech governance (e.g., AI and Cloud Risk).

If you are passionate about transforming compliance from a “tick-box” exercise into a strategic business enabler, we want you on our team.
