Manager GRC – Information Technology Full Time

We are looking to hire a Manager GRC – Information Technology who will be responsible for driving technology governance, compliance assurance, audit readiness, and risk oversight initiatives for our semi-government client based in Dubai – one of the largest organisations in the region.

This position is a long term contract role and sits within the Information Technology Department, reporting directly to the Head of GRC – Technology.

We are specifically seeking a hands-on GRC practitioner with strong day-to-day experience working on the ServiceNow GRC platform, not just oversight or advisory exposure.

The ideal candidate will play a key operational role in configuring, managing, and continuously improving the GRC platform, while also driving policy, compliance, and risk management initiatives across the organisation.

This role requires someone who can bridge technical GRC tooling with real-world risk and compliance execution, ensuring that governance frameworks are not only defined but actively embedded and monitored across systems and processes.

Key Responsibilities

• Own and operate the ServiceNow GRC platform on a day-to-day basis, including configuration, module management, and continuous enhancement
• Manage and operationalise key GRC modules within ServiceNow, including Policy & Compliance Management, Risk Management,Third-Party Risk Management (TPRM) and Regulatory Change Management.
• Ensure accurate and real-time reporting dashboards are maintained within the platform for leadership and governance forums
• Translate compliance and risk requirements into practical workflows, controls, and automated monitoring within ServiceNow
• Align technology governance and compliance activities with recognised standards such as ISO 27001, ISO 20000, ISO 42000, COBIT, and ITIL
• Lead ISO framework implementation and ongoing compliance maturity initiatives, including control mapping and gap assessments
• Define and manage the technology compliance roadmap, including policy lifecycle planning and audit readiness
• Own the end-to-end policy lifecycle (drafting, review, approval, implementation, and governance within systems)
• Coordinate internal and external audits, ensuring evidence is system-driven, traceable, and audit-ready
• Monitor and enforce operational controls such as Access and identity management, Change management processes, Backup and recovery controls and CMDB governance
• Drive risk identification, assessment, and mitigation activities, ensuring alignment between business, IT, and compliance stakeholders
• Support governance and compliance requirements for emerging technologies (e.g., AI/ML) and evolving regulatory landscapes

Knowledge, Skills & Experience

• 10+ years’ experience in technology risk, IT compliance, or GRC roles within large enterprise environments
• Strong hands-on experience with ServiceNow GRC is mandatory (candidates without practical platform ownership will not be considered)
• Proven experience in configuring, managing, and operating GRC tools, not just using them for reporting or tracking
• Demonstrated experience managing:
• Policy & compliance frameworks
• Risk registers and assessments
• Third-party/vendor risk
• Regulatory change processes
• Solid experience in ISO implementations (e.g., ISO 27001, ISO 20000, ISO 42000), including audits and certification cycles
• Strong understanding of COBIT, ITIL, and enterprise IT control environments
• Experience in audit coordination with clear ownership of remediation tracking and closure
• Ability to translate technical risks into clear, actionable insights for business stakeholders
• Strong technical acumen combined with operational execution capability
• Relevant certifications such as ISO 27001 Lead Auditor/Implementer, CRISC, CISSP, CISM, CISA, ITIL, or COBIT are highly preferred

Availability

• Preference will be given to candidates who are immediately available or on short notice (30 days or less)