Job Scope:

We are seeking a skilled Governance, Risk and Security Compliance Specialist to ensure our organization’s compliance with regulatory requirements, industry standards, and internal security policies. The candidate will be responsible for designing, implementing, and maintaining compliance frameworks while supporting security awareness across the company.

1. Regulatory & Framework Compliance

• Lead and maintain compliance with DORA (Digital Operational Resilience Act), ensuring IT and operational resilience measures meet regulatory requirements.
• Ensure compliance with VARA (Virtual Assets Regulatory Authority) frameworks for virtual asset and digital financial services.
• Drive compliance initiatives for GDPR, including data protection impact assessments, data handling practices, and privacy-by-design principles.
• Manage and maintain ISO 27001 Information Security Management System (ISMS), including documentation, risk assessments, and internal/external audit preparations.

2.Security Awareness

• Develop, deliver, and track security awareness programs to build a security-first culture.
• Conduct phishing simulations, training sessions, and employee awareness campaigns to ensure strong adoption of best practices.

3.Audit & Risk Management

• Coordinate with auditors and regulators for compliance reviews and assessments.
• Identify and mitigate compliance gaps, security risks, and process weaknesses.
• Maintain up-to-date knowledge of evolving regulations and ensure timely implementation of new requirements

4.Collaboration & Advisory

• Work closely with IT, Legal, Risk, and Business teams to embed compliance requirements into processes and systems.
• Provide guidance on secure and compliant business practices for new projects and technologies.
• Supporting external audits including ISMS audits

• Bachelor’s degree in Information Security, Computer Science, or related field.
• Proven experience in regulatory compliance (DORA, GDPR, VARA) and ISO 27001 management.
• Strong understanding of information security frameworks and risk management practices.
• Experience in designing and conducting security awareness programs.
• Excellent communication, documentation, and stakeholder management skills.
• Professional certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or CISA are a plus