4 Grc Intern jobs in Bahrain

• Developing, implementing, and maintaining information security policies, standards, and procedures aligned with industry best practices and regulatory requirements (e.g., ISO 27001, NIST, PCI DSS).
• Conducting regular information security risk assessments, identifying vulnerabilities, and recommending appropriate mitigation strategies.
• Managing and executing internal and external security audits, ensuring compliance with established controls.
• Developing and delivering security awareness training programs for employees across the organization.
• Monitoring the security landscape for emerging threats and vulnerabilities and recommending proactive defense measures.
• Responding to and investigating security incidents, performing root cause analysis, and implementing corrective actions.
• Managing third-party risk assessments to ensure vendor compliance with security requirements.
• Maintaining documentation related to GRC activities, including risk registers, audit findings, and policy exceptions.
• Collaborating with IT, legal, and business units to integrate security considerations into business processes and projects.
• Staying current with the latest security threats, technologies, and regulatory changes.

• Develop, implement, and maintain information security policies, standards, and procedures in alignment with best practices and regulatory requirements (e.g., ISO 27001, NIST).
• Conduct risk assessments and vulnerability analyses to identify and prioritize security threats and weaknesses across the organization's IT infrastructure and systems.
• Develop and manage the company's risk register, tracking identified risks and mitigation efforts.
• Plan and execute internal and external security audits to assess compliance with policies and regulations.
• Investigate security incidents, perform root cause analysis, and implement corrective actions to prevent recurrence.
• Develop and deliver security awareness training programs for employees.
• Manage third-party risk assessments to ensure vendor compliance with security requirements.
• Stay abreast of evolving security threats, vulnerabilities, and regulatory changes, and update security controls accordingly.
• Collaborate with IT, legal, and business units to ensure security requirements are integrated into system development lifecycle (SDLC) and business processes.
• Prepare comprehensive reports on security posture, risk status, and compliance for senior management.
• Contribute to the continuous improvement of the information security program.

Job Number: GRC(Governance, Risk & Compliance)Consultant/ Senior Consultant

Location: Bahrain

Category: Technology Advisory

Grant Thornton Abdulaal Bahrain is expanding their IT GRC practice and look to hire candidate's forConsultant/ Senior Consultant roles. As an integral member of the IT Advisory team, reporting to the responsibility of the GRC team is to carry out the engagements related to policy compliance, security requirements governance, as well as risk management.

The ideal candidate will have knowledge of risk management, security and privacy practices and be an effective communicator, both written and verbal.

Responsibilities include:

• Lead and/or execute GRC engagements and IT audits.
• Review and/or prepare project deliverables.
• Point of contact for the client during the engagement execution.
• Develop and participate in implementation of client initiatives focused on the reduction of technology risk, governance and compliance to policies and external regulatory compliance.
• Evaluate business and IT risks.
• Audit IT organizations, IT processes and IT systems against regulations, standards and good practices such as COBIT and ITIL.
• Develop IT security standards, procedures, and controls to manage risks. Improve clients security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
• Evaluation information security threats and their impact clients IT environment.
• Support the senior team members, assist with the analysis of requirements and design of clients information security posture, as well as Legal, Regulatory and Scheme security requirements.
• Support the senior team members in delivery of work streams for clients in compliance standards such as PCI DSS, ISO27001, EU GDPR and Bahrain PDPL and incident management disciplines.
• Perform and investigate internal and external information security risk and exceptions assessments.
• Assessing incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
• Document and reporting control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
• Stay current on best practices and technological advancements and acts as a technical resource for security assessment and regulatory compliance.
• Perform other related duties as assigned from time to time based on the business requirements.
• Knowledge of virtualization and cloud computing would be essential.

Skills:

• Understanding of ISO 27001, PCI DSS, ITIL, ITSM, COBIT, ISO 3100, NIST standards and frameworks preferred.
• For GRC role hands on experience on VA tools e.g., Nessus, Qualys etc would be an advantage.
• Experience of risk management principles and associated methodologies
• Ideally will have a CEH/ ISO 27001 ISMS/ ISO 22301 BCMS/ CISA/ COBIT/ CISM qualification.
• Proven ability to make sound pragmatic decisions and judgements under tight timelines.
• Strong interpersonal and influencing skills with the ability to influence and drive change in a collaborative way both internally and externally.

Essential requirements:

• Experience: 1 to 5+ years experience in IT Governance, Risk & Compliance.
• Ability to work in a fast-paced, high-pressure atmosphere by being attentive and having a strong eye for details.
• Strong leadership and personnel management skills.
• Exceptional client service along with the ability to develop excellent client relationships.
• Good at meeting deadlines and solving problems.
• Good communication skills, both verbal and writteninEnglish language is mandatory (Arabic will be a plus)