GRC Engineer

Job Description:


Position: GRC (Governance, Risk, and Compliance) Engineer

Location: Amman, Jordan

Company: NourNet


Position Overview:

NourNet is seeking a GRC Engineer to join our team in Amman, Jordan. The GRC Engineer will play a crucial role in supporting the organization's Governance, Risk, and Compliance framework by implementing, monitoring, and maintaining information security standards such as ISO 27001, ISO 20000, and other relevant IT frameworks. This position involves policy creation, internal auditing, risk management, and ensuring continuous improvement of the company’s information security posture.


Key Responsibilities:

1. Governance, Risk, and Compliance (GRC) Implementation:

  • Support the GRC Manager in applying Information Security controls aligned with ISO 27001, ISO 20000, and other IT standards.
  • Ensure compliance with other relevant frameworks like CSA STAR, NIST, COBIT, ITIL, PCI-DSS, and GDPR.
  • Assist in the development, maintenance, and execution of NourNet’s GRC strategy and roadmap.

2. Certification and Documentation Management:

  • Manage the lifecycle of certification processes, ensuring that all documentation is current, complete, and compliant with regulatory standards.
  • Collaborate with external auditors to facilitate audits for certifications like ISO 27001, ISO 20000, and CSA STAR.
  • Maintain records of certifications and ensure timely renewals.

3. Governance Reviews and Committees:

  • Participate in governance committees and reviews to provide insights on risk, security, and compliance issues.
  • Assist in preparing reports, presentations, and updates for governance stakeholders.

4. Internal Audits:

  • Assist in planning and conducting internal IT audits to assess compliance with internal policies and external standards.
  • Identify non-conformities, provide recommendations, and track corrective actions through to resolution.
  • Ensure continuous improvement in audit processes.

5. Policy and Procedure Development:

  • Create, update, and maintain policies, procedures, and guidelines for all departments, ensuring alignment with security standards and organizational goals.
  • Work with departmental stakeholders to ensure that policies are implemented and adhered to.

6. Information Security Management System (ISMS) Implementation:

  • Support the implementation, monitoring, and continuous improvement of the ISMS in line with ISO 27001 requirements.
  • Conduct regular follow-ups to ensure compliance with the ISMS framework and associated controls.

7. Risk Management:

  • Assist in maintaining the annual Information Security Risk Management cycle, identifying, assessing, and mitigating risks.
  • Support the conduct of risk assessments and the development of risk treatment plans.
  • Collaborate with teams to ensure risk mitigation strategies are implemented and tracked.

8. Stakeholder Engagement:

  • Review and discuss information security policies with stakeholders to ensure relevance and clarity.
  • Act as a liaison between technical teams and business stakeholders to ensure mutual understanding of security requirements.


Required Skills & Qualifications:

Education: Bachelor’s degree in Information Security, Computer Science, IT, or a related field.


Certifications (Preferred): ISO 27001 Lead Implementer/Auditor, ISO 20000 Practitioner, CISM, CRISC, CISSP, ITIL, or CSA STAR certifications.


Experience:

  • 2-5 years in IT Governance, Risk, Compliance, or Information Security roles.
  • Experience with ISO standards, internal audits, and risk management frameworks.

Technical Skills:

  • Familiarity with GRC tools and software.
  • Understanding of IT security frameworks, standards, and regulatory requirements.
  • Knowledge of cloud security standards and frameworks (e.g., CSA STAR).

Soft Skills:

  • Strong analytical and problem-solving skills.
  • Excellent communication and stakeholder management abilities.
  • Detail-oriented with strong organizational skills.
  • Ability to work both independently and collaboratively in a team environment.

Post date: Today
Publisher: LinkedIn