This role focuses on strengthening overall compliance maturity, enhancing risk management capabilities, and supporting security governance across the organisation. The GRC Specialist will play a key part in developing compliance frameworks, improving policies and procedures, and preparing the organisation for evolving regulatory requirements such as NIS2 and DORA.
The position involves overseeing governance, risk, and compliance processes while working closely with teams across ICT, HR, Finance, Enterprise Infrastructure, and senior leadership. It is a hands-on role that blends strategic planning, documentation, assessment, and operational execution.
Responsibilities
- Develop and maintain core governance documents, including the GRC Charter, Compliance Roadmap, and Compliance Register.
- Establish and manage a robust Policy Management Framework, covering document lifecycles, versioning, and approval workflows.
- Conduct organisation-wide risk assessments, manage the Risk Register, and support business continuity initiatives.
- Build and maintain a Unified Compliance Framework aligned with ISO 27001, NIS2, and DORA.
- Review, refine, and standardise essential policies and procedures across the organisation.
- Create and execute internal audit plans while maintaining audit evidence repositories.
- Track non-conformities, oversee corrective actions, and support readiness for ISO and external audits.
- Lead organisation-wide security awareness initiatives through training sessions and e-learning programs.
- Perform NIS2 and DORA gap assessments and define implementation roadmaps.
- Evaluate GRC tools, conduct assessments, support pilot testing, and provide recommendations.
- Maintain GDPR registers, conduct Data Protection Impact Assessment (DPIA) reviews, and ensure proper handling of personal data.
- Manage third-party and vendor risk through assessments, due diligence, and periodic reviews.
- Identify opportunities for process enhancement, automation, and improved compliance efficiency.
Requirements
- Strong understanding of ISO 27001, GDPR, and security governance principles.
- Familiarity with GRC platforms and compliance automation tools.
- Experience in risk assessments, policy development, and audit activities.
- Excellent documentation, organisational, and stakeholder management skills.
Education and Experience
- 2–5 years of experience in GRC, compliance, audit, or information security.
- A Bachelor’s degree or Diploma in Information Security, Risk Management, IT Governance, or a related discipline.
- Based in Malta, with local working experience.
Benefits
Job Reference: HD494