IT GRC Consultant / Senior Consultant

Job type: Full Time

Location: Bahrain

Categories: Technology Advisory/Technology, Media & Communication

Apply for this position

Grant Thornton Bahrain is expanding their IT GRC practice and looking to hire candidates at Senior Consultant and Consultant levels. As an integral member of the IT Advisory team, reporting to the responsibility of the GRC team is to carry out the engagements related to policy compliance, security requirements governance, as well as risk management. The ideal candidate will have knowledge of risk management, security and privacy practices and be an effective communicator, both written and verbal.

Responsibilities include:

  • Lead and/or execute IT GRC engagements.
  • Review and/or prepare project deliverables.
  • Point of contact for the client during the engagement execution
  • Develop and participate in the implementation of client initiatives focused on the reduction of technology risk, governance and compliance with policies and external regulatory compliance.
  • Evaluate business and IT risks
  • Audit IT organizations, IT processes and IT systems against regulations, standards and good practices such as COBIT and ITIL
  • Develop IT security standards, procedures, and controls to manage risks. Improve client’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities
  • Evaluation of information security threats and their impact on the client’s IT environment
  • Support the senior team members, assist with the analysis of requirements and design of clients’ information security posture, as well as Legal,
  • Regulatory and Scheme security requirements
  • Support the senior team members in the delivery of work streams for clients in compliance standards such as PCI DSS, ISO27001, EU GDPR and Bahrain PDPL and incident management disciplines.
  • Perform and investigate internal and external information security risk and exceptions assessments.
  • Document and report control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
  • Stay current on best practices and technological advancements and acts as a technical resource for security assessment and regulatory compliance.
    Perform other related duties as assigned from time to time based on the business requirements.
  • Knowledge of virtualization and cloud computing is preferred.


  • Understanding of ISO 27001, PCI DSS, ITIL, ITSM, COBIT, ISO 3100, NIST standards and frameworks preferred.
  • Experience with risk management principles and associated methodologies
    Ideally will have CISA/ COBIT/ ISO 27001 ISMS/ ISO 22301 BCMS qualification.
  • Proven ability to make sound pragmatic decisions and judgements under tight timelines.
  • Strong interpersonal and influencing skills with the ability to influence and drive change in a collaborative way both internally and externally.
  • Hands-on experience with VA tools e.g., Nessus, Qualys etc would be an advantage.

Essential requirements:

  • Senior Consultant: 3+ years’ experience in IT Governance, IT Audits & IT Risk & Compliance.
  • Consultant: 1-2 years experience in IT Governance, IT Audits & IT Risk & Compliance.
  • Ability to work in a fast-paced, high-pressure atmosphere by being attentive and having a strong eye for details.
  • Strong leadership and personnel management skills
  • Exceptional client service along with the ability to develop excellent client relationships
  • Good at meeting deadlines and solving problems
  • Good communication skills, both verbal and written (English is a must; Arabic will be a plus)

Advertised: 28 Aug 2023 Arab Standard Time

Application close: 30 Dec 2023 Arab Standard Time