Role Overview

We are looking for an experienced IT Governance, Risk, and Compliance (GRC) professional to lead and manage the organization’s IT GRC program. The role focuses on strengthening governance structures, identifying and mitigating IT risks, and ensuring ongoing compliance with regulatory, legal, and industry requirements. The ideal candidate will act as a strategic partner to business and technology teams, driving a strong risk-aware and compliance-focused culture across the organization.

Key Responsibilities

GRC Program Management

• Design, implement, and oversee the end-to-end IT GRC program aligned with organizational objectives.

• Establish, review, and enhance governance frameworks, policies, procedures, and standards related to information security and compliance.

Risk Management

• Identify, assess, and prioritize IT and information security risks across systems, processes, and vendors.

• Collaborate with internal stakeholders to define risk treatment plans and ensure timely and effective mitigation.

Compliance Management

• Ensure compliance with applicable laws, regulations, and industry standards.

• Plan and execute regular compliance assessments, internal audits, and control reviews, addressing gaps and remediation actions.

Policy and Standards Development

• Develop, maintain, and periodically review information security and IT governance policies.

• Ensure alignment with business objectives, regulatory expectations, and recognized industry frameworks.

Training and Awareness

• Lead security, risk, and compliance awareness initiatives across the organization.

• Conduct training sessions on GRC best practices and collaborate with stakeholders to promote understanding of compliance obligations.

Incident Response and Investigation

• Support and lead IT and information security incident response activities as required.

• Conduct investigations into security incidents, document findings, and recommend corrective and preventive actions.

Continuous Improvement

• Drive continuous improvement initiatives to enhance the maturity and effectiveness of the GRC program.

• Stay current on emerging threats, regulatory changes, and industry trends impacting the GRC landscape.

Qualifications & Experience

• Bachelor’s degree in Information Security, Computer Science, or a related discipline.

• Professional certifications such as CISA, CISSP, CRISC, or equivalent are highly preferred.

• 7+ years of hands-on experience in IT Governance, Risk Management, and Compliance roles.

• Proven experience implementing and managing GRC frameworks such as ISO 27001, NIST, COBIT, or similar standards.

• Strong knowledge of regulatory and compliance requirements, including GDPR, HIPAA, SOX, and other applicable regulations.

• Excellent communication, stakeholder management, and collaboration skills.

We are seeking a ServiceNow professional responsible for the implementation, configuration, and ongoing support of ServiceNow ITSM applications. The role involves customizing and extending platform capabilities through form configuration, workflows/flows, UI policies, client scripts, and business rules to meet business and operational requirements.

You will design, build, and maintain Service Catalog items, CMDB structures, and Knowledge Base content, ensuring data accuracy, usability, and alignment with ITIL best practices. The role also includes ServiceNow system administration, covering instance upgrades, patch management, user and role administration, and platform performance optimization.

The candidate will be expected to produce and maintain technical documentation, including solution designs, configuration details, process flows, and test scenarios. Close collaboration with QA and business stakeholders is required to support testing, validation, and defect resolution.

Additionally, you will support user training, go-live activities, and post-implementation support, ensuring smooth adoption of ServiceNow solutions and continuous improvement of ITSM processes.