On behalf of our client, a leading legal professional services organisation, GRS are recruiting a GRC Specialist who will be responsible for developing and maintaining the company’s governance, risk management, and compliance programmes. The successful candidate will collaborate with various departments to ensure that the company adheres to all relevant laws, regulations, and industry practices (including ISO standards, cybersecurity practices, and GDPR), that risk management strategies are effectively implemented, and that the company maintains a robust security posture. If you feel you have the necessary skills and experience, then we look forward to receiving your CV for this Malta-based GRC Specialist role.
- ISO Compliance: Develop, implement, and maintain ISO management systems across the relevant legal entities.
- Ensure compliance with ISO standards (e.g., ISO 27001, ISO 9001) and relevant regulations.
- Conduct regular audits and assessments to evaluate compliance with ISO frameworks.
- Prepare and present ISO compliance reports to senior management and relevant committees.
- Cybersecurity Compliance: Develop, implement, and maintain GRC frameworks that align with cybersecurity standards and regulations (e.g., NIST, ISO 27001, GDPR).
- Conduct regular audits and assessments to ensure compliance with cybersecurity policies and practices, and provide remediation guidance.
- Prepare and present cybersecurity compliance reports to senior management and relevant committees.
- Stay current on best practices and technological advancements, acting as a point of reference for security assessments and regulatory compliance.
- Contribute to the development of appropriate security KPIs, objectives, and strategies to improve the firm’s security posture and maturity. Develop reporting metrics, dashboards, and evidence artifacts to communicate with business stakeholders periodically.
- Governance: Establish and enforce governance frameworks and policies aligned with ISO standards.
- Monitor compliance with internal policies and regulatory requirements.
- Prepare and present governance reports (including compliance monitoring reports) to senior management and relevant committees, and provide remediation guidance.
- Collaborate with internal and external stakeholders to address and resolve compliance issues identified in the compliance monitoring reports.
- Stay updated on relevant laws, regulations, and standards that impact the firm.
- Risk Management: Identify and assess firm-related risks, including those related to information security, data privacy, and technology operations.
- Develop and implement risk mitigation strategies and action plans to address identified vulnerabilities.
- Monitor the effectiveness of risk management practices.
- Maintain the firm’s risk registers.
- Attend and contribute to internal risk committees, providing insights and recommendations.
- Prepare and present risk reports to senior management and relevant committees, and provide remediation guidance.
- Act as the Risk Officer of any of the legal entities.
- Assist firm members in supplier onboarding risk assessment processes.
- Training and Awareness: Conduct training sessions and workshops to raise awareness of ISO standards and GRC requirements across the firm.
- Develop educational materials and resources to support ongoing learning.
- Provide guidance on, and assist firm members with, GRC-related matters.
- Support the development of a risk-aware culture within the firm.
- Minimum of 3-5 years of experience in risk management or IT audit, ideally in a GRC capacity or comparable experience in the industry.
- Bachelor’s degree in Business Administration, Information Technology, Cybersecurity, Law, or a related field.
- Strong knowledge of relevant regulatory requirements, industry standards, and best practices.
- Solid experience in conducting risk assessments, developing controls, and monitoring the effectiveness of controls.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Proficiency in using GRC software and tools.
Due to the high volume of applications we receive at GRS Recruitment, only shortlisted candidates will be responded to.