GRC Senior Analyst/Specialist

Role Overview

This position plays a key role in strengthening governance, risk, and compliance activities by ensuring cyber and information security practices remain aligned with national cyber regulations, internal security policies, and government assurance expectations. The role is centered on identifying, evaluating, and managing security risks across systems and business operations, while also tracking compliance obligations, control effectiveness, audit findings, and remediation progress.

The successful candidate will work closely with security, IT, and government counterparts to reinforce cybersecurity governance, contribute to accreditation-related work, and help maintain continuous adherence to national cybersecurity requirements.

Core Activities

• Provide specialist guidance on governance, risk, and compliance topics.
• Assess and refine enterprise cybersecurity architecture to improve alignment with security and business goals.
• Examine Qatar Cyber Security Framework evidence and advise on compliance improvements.
• Offer practical cybersecurity advice and solutions to internal teams.
• Identify cyber risks and propose suitable mitigation actions.
• Assist in applying cybersecurity policies, standards, and established best practices.
• Work with technical and business stakeholders to strengthen the organization’s security posture.
• Prepare management reports, assessments, and recommendations.
• Keep current with new cyber threats, technologies, and regulatory changes.

Key Responsibilities

• Serve as a go-to expert for cybersecurity governance, risk, and compliance matters.
• Review and improve enterprise cybersecurity architecture so it supports organizational and security requirements.
• Measure compliance against the Qatar Cyber Security Framework and suggest corrective actions where needed.
• Provide strategic cybersecurity advice to teams across the organization.
• Design and recommend security controls and solutions based on risk findings.
• Support cyber audits, compliance reviews, and assessment activities.
• Ensure cybersecurity initiatives are consistent with internal policies and industry standards.
• Produce clear documentation, reports, and technical recommendations.
• Guide stakeholders on cybersecurity good practices when required.

Requirements

Education: A bachelor’s or master’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a closely related field.

Experience: At least 10 years of cybersecurity experience, with deep exposure to governance, risk and compliance, enterprise cybersecurity architecture, and regulatory compliance.

Mandatory Certifications: CIIP (Certified Information Infrastructure Professional) and CISM (Certified Information Security Manager).

Preferred Certifications: GICSP (Global Industrial Cyber Security Professional) and CCISO (Certified Chief Information Security Officer).

Skills & Competencies: Strong command of GRC frameworks, significant experience in enterprise cybersecurity architecture, solid understanding of the Qatar Cyber Security Framework, and strong consulting/advisory capability. The role also requires strong analytical and problem-solving skills, the ability to evaluate risks and propose effective security measures, excellent communication and report-writing ability, and confidence working both independently and with cross-functional teams. Familiarity with international cybersecurity standards and best practices is also important.

Language: English and Arabic proficiency is required.

Additional Information

Location: Doha, Qatar. This is a full-time onsite role.