Senior GRC Specialist

  South of Malta  |  €64,000 - €72,000 Annually 

Reports To: Chief Information Security Officer (CISO)

The Senior GRC (Governance, Risk & Compliance) Specialist plays a critical role in strengthening the organization’s information security and compliance posture. This position is responsible for designing, implementing, and maintaining governance, risk management, and compliance programs aligned with recognized international standards and regulatory requirements (e.g., ISO 27001, GDPR, NIST).

Responsibilities:

  • Own, develop, and maintain the information security governance framework, including policies, standards, and procedures.
  • Independently conduct and manage risk assessments across systems, processes, vendors, and group entities, including mitigation planning and follow-up.
  • Monitor and ensure compliance with applicable regulations, standards, and contractual obligations (e.g., ISO 27001, GDPR, NIS2, Part-IS).
  • Act as the end-to-end owner of the ISO 27001 Information Security Management System (ISMS), including scope definition, risk assessments, Statement of Applicability, internal audits, management reviews, and certification readiness.
  • Coordinate ISO 27001 implementation and ongoing compliance across relevant subsidiaries and business units.
  • Ensure alignment with EU and aviation regulatory requirements, including EASA Part-IS, GDPR, NIS2, and applicable supervisory expectations.
  • Own and manage third-party and vendor risk management and due diligence processes.
  • Serve as the primary point of contact for regulators, auditors, and external assessors on information security and compliance matters, in coordination with the CISO.
  • Prepare for and support internal and external audits, including evidence collection, remediation tracking, and reporting.
  • Collaborate with IT, Legal, HR, and business stakeholders to embed security and compliance requirements into day-to-day operations.
  • Maintain the group risk register and report risk posture, trends, and key metrics to senior management.
  • Contribute to security awareness and compliance training initiatives.
  • Lead post-incident compliance reviews and support incident response documentation from a GRC perspective.
  • Support the implementation and optimization of GRC tools and dashboards for centralized risk and compliance management.

Requirements

  • Professional certifications such as CISA, CRISC, or CISSP are an advantage.
  • Hands-on experience leading or owning compliance initiatives for frameworks such as ISO 27001, GDPR, Part-IS, SOC 2, or similar.
  • Strong analytical, organizational, and communication skills, with the ability to present complex topics clearly to diverse audiences.

Education and Experience

  • Bachelor’s degree in Information Systems, Computer Science, Industrial Engineering, or equivalent professional experience.

Benefits

  • Health insurance
  • Free parking

Job Reference: ZG895


  • Category
    Security & Risk
  • Job type
    Full Time
  • Employment level
    Experienced (3 years +)
  • Work Location
    On Premises
  • Employer industry
    Aviation
  • Languages
    English

  • Closing Date
    28/02/2026
  • Date Published
    04/02/2026
  • Status
    Evaluating CVs
