Published on: 05/12/2025

Governance, Risk & Compliance (GRC) Specialist

Fonicom is seeking a dedicated Governance, Risk & Compliance (GRC) Specialist to strengthen our compliance posture, enhance risk management capabilities, and support security governance across the organization. This role will be central in developing our compliance frameworks, maturing our policies and procedures, and ensuring readiness for emerging regulatory requirements such as NIS2 and DORA.

The GRC Specialist will be responsible for improving and maintaining Fonicom’s governance, risk, and compliance processes. You will work closely with cross-functional teams (ICT, HR, Finance, Enterprise Infrastructure, and senior leadership) to create structured governance frameworks, lead audits, maintain compliance registers, enhance security awareness, and support ISO certification efforts. This is a hands-on role that combines strategy, documentation, assessment, and operational execution.

WHAT YOU’LL DO

  • Develop and maintain the GRC Charter, Compliance Roadmap, and Compliance Register.
  • Establish and oversee a Policy Management Framework including document lifecycle, version control, and approval workflows.
  • Conduct organization-wide risk assessments, maintain the Risk Register, and support business continuity planning.
  • Create and manage a Unified Compliance Framework aligned with ISO 27001, NIS2, and DORA requirements.
  • Review, update, and standardize critical organizational policies and procedures.
  • Develop and execute internal audit plans and maintain audit evidence repositories.
  • Track non-conformities, corrective actions, and support audit readiness for ISO and external audits.
  • Drive company-wide security awareness initiatives, including training sessions and e-learning modules.
  • Conduct NIS2 and DORA gap assessments and develop implementation roadmaps.
  • Evaluate GRC tools, prepare assessment matrices, and support pilot testing and recommendations.
  • Maintain GDPR registers, conduct DPIA reviews, and oversee personal data handling compliance.
  • Manage vendor and third-party risk through assessments, due diligence, and regular reviews.
  • Identify and implement process improvements, automation opportunities, and compliance efficiency enhancements.

WHAT YOU WILL NEED

  • Required:
    • 2–5 years' experience in GRC, compliance, audit, or information security roles.
    • Strong understanding of ISO 27001, GDPR, and security governance principles is mandatory.
    • Exposure to GRC tools and compliance automation platforms.
    • Experience in risk assessment, policy development, and audit activities.
    • Excellent documentation, organizational, and stakeholder management skills.
  • Preferred:
    • Bachelor’s degree or diploma in Information Security, Risk Management, IT Governance, or a related field.
    • Experience with NIS2 and/or DORA regulatory requirements.
    • Relevant certifications such as ISO 27001 Lead Implementer/Auditor, CISM, CISSP, CRISC, or similar.