Consultant – Governance, risk management and compliance (GRC)
SATEC is a 30-year-old Spanish Multinational System Integrator, founded in 1988 in the ecosystem of supercomputing. With the arrival of the Internet, we were pioneers in implementing telecommunications networks in Spain, Portugal and Morocco. Today, we are also focused on other services, such as IT consulting, data centres, security, software engineering, BPO and Industry 4.0
We are searching for an experienced consultant to work on a project that has for objective the development of a framework for governance, risk assessment and compliance (GRC) for an enterprise located in Saudi Arabia. Also, a comprehensive risk assessment of the enterprise and its security operation center will have to be performed.
The consultant will be in charge of leading the execution of the project. He will be integrated into a project team of 4-5 members.
The project must be executed in conformance with international standards and guidelines such as COBIT, NIST 800 series, ISO 27001, ISO 31000, COSO, etc.
The work will be carried out mainly in Saudi Arabia. Occasional travel to Spain will also be required.
It is expected that the candidate possesses strong leadership, analytical, negotiation, client engagement, and liaising skills.
The project has an estimated duration of 5-6 months. Further and longer-term engagement with our company in other projects or services worldwide is sought after by us and will be possible based upon the candidate value and performance.
Required Qualifications:
- Excellent understanding and proven experience with frameworks and standards such as COBIT, NIST 800 series, ISO 27001, ISO 31000, COSO, etc.
- More than 7 years of experience designing and implementing GRC controls and performing risk assessments for medium to large organizations.
- Must have worked as a consultant in several projects with a scope similar to this one.
- Fluency in English and ability to write technical documents in English
- It is required to have extensive and demonstrated knowledge in cybersecurity concepts and the ability to understand risk management methods and approaches to measuring effectiveness.
- Excellent presentation skills and experience speaking about GRC and cybersecurity with top management executives.
Desired Skills:
- Possession of one or several of these certifications: CISSP, ISO 27001, CISA, CISM, CRISC, CGEIT.
- Knowledge and experience working with RSA Archer GRC
- Experience dealing with diverse technical environments.
- Spanish (written and spoken)
