Job offer: IT Risk and Compliance Manager

Responsibilities

• Develop and implement IT risk management frameworks, policies, and procedures in line with industry best practices and regulatory requirements.
• Identify, assess, and prioritize IT risks, ensuring appropriate mitigation strategies are in place.
• Conduct regular risk assessments and audits of IT infrastructure, applications, and third-party vendors.
• Oversee the implementation of risk controls and track remediation efforts to address identified vulnerabilities.
• Ensure that the organization’s IT practices comply with relevant regulations, standards, and industry frameworks (e.g., GDPR, SOX, PCI-DSS, ISO 27001, NIST).
• Monitor regulatory changes and industry trends to ensure timely updates to policies and procedures.
• Conducted internal compliance audits and coordinated with external auditors to ensure accurate and timely reporting.
• Maintain up-to-date documentation of IT compliance controls and practices, and prepare regular reports for senior management.
• Develop and enforce IT governance policies, ensuring alignment with the organization's risk management strategy and business objectives.
• Lead the development and implementation of security policies, disaster recovery plans, and business continuity strategies.
• Oversee IT governance committees and serve as the primary point of contact for IT-related regulatory bodies and auditors.
• Collaborate with internal departments (e.g., IT, Legal, Finance) and external partners (e.g., vendors, auditors) to manage IT risks and ensure compliance.
• Provide training and awareness programs for employees on IT risk management, data privacy, and compliance requirements.
• Act as the primary liaison between the IT department and business units for compliance and risk-related issues.

Qualifications

• Minimum of 8 years of experience in IT risk management, IT governance, or compliance roles, preferably within the financial sector or regulated industries.
• Strong knowledge of industry regulations, such as GDPR, PCI-DSS, SOX, and cybersecurity frameworks (e.g., ISO 27001, NIST).
• Experience in conducting risk assessments, audits, and implementing risk mitigation.
• Deep understanding of IT infrastructure, data protection, and cybersecurity principles.
• Strong analytical and problem-solving skills with the ability to manage multiple complex projects simultaneously.
• Excellent communication skills, with the ability to engage with technical and non-technical stakeholders.
• Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or equivalent are highly desirable.

• Financial Risk

• Location Amman - Jordan
• Industry Information & Communication Technologies
• Job Type Full-Time
• Degree Bachelor
• Experience 8 - 12
• Nationality Unspecified