Information Technology Governance, Risk, and Compliance Manager

the IT Governance, Risk, and Compliance (GRC) Manager at ALJ Enterprises, you will be responsible for ensuring the effective management and oversight of IT governance, IT risk management, and IT compliance activities across the organization.

You will play a critical role in establishing and maintaining a robust framework for identifying, assessing, and mitigating IT-related risks, as well as ensuring compliance with relevant regulations and industry standards.

Additionally, you will lead efforts to continuously improve and optimize IT GRC processes and procedures to enhance the overall security posture of the organization.

Responsibilities:

• Develop and implement an IT GRC framework, policies, and procedures to manage IT-related risks effectively and ensure compliance with regulatory requirements and industry standards.
• Establish and maintain an IT risk management program that includes risk identification, assessment, prioritization, mitigation, and monitoring.
• Conduct regular IT and Digital risk assessments and gap analyses to identify potential vulnerabilities and areas for improvement.
• Collaborate with IT, Digital, Innovation, and business stakeholders to define and implement controls and mitigation strategies to address identified risks.
• Monitor regulatory developments and industry trends to ensure ongoing compliance with relevant laws, regulations, and best practices.
• Oversee the execution of IT compliance activities, including audits, assessments, and certifications, to validate adherence to established policies and standards.
• Provide guidance and support to IT teams and business units on GRC-related matters, including risk identification, assessment methodologies, and compliance requirements.
• Develop and deliver training programs and awareness initiatives to promote a culture of compliance and risk awareness across the organization.
• Manage relationships with internal and external auditors, regulators, and other third-party stakeholders involved in IT GRC activities.
• Lead incident response and remediation efforts in coordination with relevant stakeholders to address security incidents and compliance violations.

Requirements:

• Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field. An advanced degree or professional certification in IT governance, risk management, or compliance (e.g., CISA, CISM, CRISC, CISSP, CGEIT) is preferred.
• Minimum of 8 years of experience in IT governance, risk management, compliance, or related fields, with at least 3 years in a leadership or managerial role.
• Deep understanding of IT governance frameworks, standards, and best practices (e.g., COBIT, ISO 27001, NIST Cybersecurity Framework).
• Proven track record of developing and implementing effective IT GRC programs in complex organizational environments.
• Strong knowledge of regulatory requirements and compliance frameworks relevant to the organization's industry and geographical footprint.
• Excellent analytical, problem-solving, and decision-making skills, with the ability to assess and prioritize risks effectively.
• Strong communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at all levels of the organization.
• Ability to work collaboratively in a cross-functional environment and effectively manage relationships with internal and external stakeholders.
• Fluency in English is required, and proficiency in Arabic is a plus.