GRC Specialist – Governance, Risk & Compliance

dicetek llc, Dubai

Job Description

Role Purpose

The GRC Specialist is responsible for supporting and enhancing Governance, Risk, and Compliance practices across the Ministry, with particular focus on digital governance, enterprise risk management, information security, business continuity, regulatory compliance, and emerging AI governance requirements.

The role works closely with business, technology, cybersecurity, legal, compliance, data, and digital transformation teams to strengthen governance maturity, improve risk visibility, support regulatory compliance obligations, and ensure alignment with UAE federal regulations, international standards, and government best practices.

Key Responsibilities

Governance & Compliance
  • Support the implementation and continuous improvement of enterprise Governance, Risk, and Compliance (GRC) frameworks in alignment with ISO 31000, ISO 27001, ISO 37301, ISO 22301, ISO 20000, ISO/IEC 42001, and relevant UAE federal governance requirements.
  • Develop, review, and maintain governance policies, standards, procedures, guidelines, and control frameworks across areas including Digital Governance, Information Security, Business Continuity, IT Service Management, AI Governance, Audit, and Compliance Management.
  • Coordinate with internal stakeholders to ensure compliance with UAE federal regulations, TDRA digital government requirements, UAE Personal Data Protection Law (PDPL), UAE IA/NESA standards, and other applicable regulatory obligations.
  • Support governance reviews, policy exception management, compliance assessments, and follow-up activities related to audit observations and corrective action plans.
  • Assist in preparing governance reports, dashboards, executive summaries, and compliance updates for management and governance committees.
  • Track governance KPIs, KRIs, audit observations, and remediation activities to support continuous improvement and risk visibility across the Ministry.
Risk Management
  • Assist in identifying, assessing, monitoring, and reporting enterprise, operational, technology, cybersecurity, and AI-related risks.
  • Maintain enterprise risk registers, mitigation plans, governance dashboards, and risk reporting documentation.
  • Support risk assessments, control evaluations, and mitigation activities across projects, systems, operational environments, and digital initiatives.
  • Coordinate with relevant stakeholders to monitor risk treatment actions and escalate critical risks where required.
  • Contribute to business continuity, operational resilience, and disaster recovery governance activities.
AI Governance & Responsible AI
  • Contribute to the implementation and continuous enhancement of AI governance and Responsible AI practices across the Ministry.
  • Support the maintenance of AI model inventories, governance documentation, and AI lifecycle records.
  • Assist in monitoring AI-related risks including fairness, transparency, explainability, privacy, ethical usage, human oversight, and Generative AI risks.
  • Coordinate with relevant teams to ensure AI initiatives and digital solutions are aligned with approved governance, compliance, and risk management practices.
  • Support alignment with frameworks such as NIST AI RMF, ISO/IEC 42001, UAE AI Governance principles, and related Responsible AI standards.
  • Participate in governance reviews related to AI usage, third-party AI solutions, and emerging AI technologies.
Security, Privacy & Digital Governance
  • Support implementation and monitoring of information security controls aligned with ISO 27001 and related governance frameworks.
  • Assist in privacy and data protection initiatives including PIMS / ISO 27701 related activities.
  • Coordinate with IT, cybersecurity, enterprise architecture, and digital teams to ensure governance and control measures are embedded within systems, platforms, and digital services.
  • Support digital governance activities related to enterprise systems, digital transformation initiatives, technology standards, and architecture compliance reviews.
  • Contribute to governance assessments related to operational resilience, service continuity, and digital compliance requirements.
Stakeholder Collaboration & Reporting
  • Work closely with business, IT, cybersecurity, legal, compliance, audit, data, and AI teams to strengthen governance and risk management practices across the Ministry.
  • Support awareness sessions, workshops, and training initiatives related to GRC, information security, compliance, and Responsible AI.
  • Prepare presentations, governance reports, dashboards, and management updates for leadership and relevant committees.
  • Participate in governance meetings, working groups, and cross-functional initiatives related to risk, compliance, and digital governance.

Tools & Technologies

Corporater, Archer, ServiceNow, AuditBoard, Jira, Power BI, Microsoft 365, Governance & Risk Platforms.

Required Qualifications
  • Bachelor's degree in Information Security, Computer Science, Information Technology, Business Technology, Risk Management, or a related field.
  • Master's degree or MBA is considered an advantage.
  • Minimum 8–10 years of relevant experience in Governance, Risk, Compliance, Information Security, Digital Governance, or Enterprise Risk Management.
  • Experience within government entities or large enterprise environments is preferred.
Preferred Certifications
  • ISO 27001 Lead Auditor / Lead Implementer
  • ISO 31000 Risk Management
  • ISO 37301 Compliance Management
  • ISO 22301 BCMS
  • CISSP, CISA, CISM, CRISC, CGRC, CRMA, PMI-RMP
  • COBIT / ITIL Certifications
  • AI Governance or Responsible AI related certifications are considered an advantage.
Core Skills & Competencies
  • Strong understanding of governance, risk, compliance, and regulatory environments.
  • Good understanding of digital governance, cybersecurity governance, and enterprise risk management practices.
  • Familiarity with AI/ML governance concepts and Responsible AI principles.
  • Experience in policy development, audit coordination, compliance assessments, and governance reporting.
  • Strong analytical, documentation, communication, and stakeholder management skills.
  • Ability to work across multiple teams and manage competing priorities effectively.
Key Success Indicators
  • Effective implementation and enhancement of governance and compliance initiatives.
  • Improved visibility of enterprise and technology risks through effective governance reporting and dashboards.
  • Successful support of audit, compliance, and regulatory activities.
  • Adoption and operationalization of governance and Responsible AI practices across the Ministry.
  • Timely closure of governance observations, compliance gaps, and risk mitigation actions.
Immediate start
