As the Technology Governance, Risk, and Compliance (GRC) Senior Specialist at ALJ Enterprises, you will play a key role in leading the effective management and oversight of Technology governance, risk management, and compliance activities across the organization. You will be responsible for developing and maintaining a robust framework for identifying, assessing, and mitigating Technology-related risks, as well as ensuring compliance with relevant regulations and industry standards.
You will contribute to the continuous improvement and optimization of Technology GRC processes and procedures to enhance the overall security posture of the organization.
Responsibilities
- Manage Technology GRC activities, including the development and maintenance of ALJ Enterprises policies and procedures, in collaboration with ALJ Enterprises and ALJ Corporate teams
- Support the development and implementation of a Technology GRC framework, policies, and procedures to manage Technology-related risks effectively and ensure compliance with regulatory requirements and industry standards
- Assist in establishing and maintaining a Technology risk management program that includes risk identification, assessment, prioritization, mitigation, and monitoring
- Conduct regular Technology and Digital risk assessments and gap analyses to identify potential vulnerabilities and areas for improvement
- Collaborate with Technology, Digital, Innovation, and business stakeholders to define and implement controls and mitigation strategies to address identified risks
- Monitor regulatory developments and industry trends to ensure ongoing compliance with relevant laws, regulations, and best practices and elevate any potential issues as needed
- Assist in the execution of Technology compliance activities, including audits, assessments, and certifications, to validate adherence to established policies and standards
- Provide guidance and support to Technology teams and business units on GRC-related matters, including risk identification, assessment methodologies, and compliance requirements
- Support the development and delivery of training programs and awareness initiatives in collaboration with IT corporate and HR to promote a culture of compliance and risk awareness across the organization
- Assist in managing relationships with internal and external auditors, regulators, and other third-party stakeholders involved in Technology GRC activities
- Participate in incident response and remediation efforts in coordination with relevant stakeholders to address security incidents and compliance violations
Requirements
- Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field. A professional certification in Technology governance, risk management, or compliance (e.g., CISA, CISM, CRISC, CISSP) is a plus
- Minimum of 5 years of experience in Technology governance, risk management, compliance, or related fields
- Good understanding of Technology governance frameworks, standards, and best practices (e.g., COBIT, ISO 27001, NIST Cybersecurity Framework)
- Experience in participating in Technology GRC programs in complex organizational environments
- Knowledge of regulatory requirements and compliance frameworks relevant to the organization's industry and geographical footprint
- Strong analytical, problem-solving, and decision-making skills, with the ability to assess and prioritize risks effectively
- Strong communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at all levels of the organization
- Ability to work collaboratively in a cross-functional environment and effectively manage relationships with internal and external stakeholders
- Fluency in English is required, and proficiency in Arabic is a plus