- Onsite role based in Malta
- Reporting to: Chief Information Security Officer (CISO)
- Excellent benefits package
A well-established, highly regulated organisation is strengthening its Information Security and Compliance function and is seeking a Senior GRC Specialist to take end-to-end ownership of Governance, Risk, and Compliance across a group environment.
This is a senior, autonomous role with full accountability for information security governance and regulatory compliance across multiple entities, jurisdictions, and frameworks. You will work closely with the CISO and senior stakeholders, acting as the central authority for all GRC activities and ensuring alignment with international standards and regulatory requirements.
This opportunity is well suited to a professional who is confident operating independently, comfortable engaging with regulators and auditors, and experienced in translating complex compliance requirements into practical, business-ready processes.
The Role
As Senior GRC Specialist, you will design, implement, and maintain the organisation’s information security governance framework, while independently managing risk assessments, compliance activities, and certification readiness across the group.
You will act as the single point of accountability for information security governance, risk management, and compliance, coordinating efforts across subsidiaries, business units, and regulatory environments.
Key Responsibilities:
- Own, develop, and maintain information security governance frameworks, policies, and procedures
- Independently conduct and manage risk assessments across systems, processes, vendors, and group entities
- Own compliance with applicable regulations, standards, and contractual obligations (including ISO 27001, GDPR, Part-IS, NIS2, etc.)
- Act as end-to-end owner of the ISO 27001 ISMS, including scope definition, risk assessments, Statement of Applicability, audits, management reviews, and certification readiness
- Coordinate ISO 27001 implementation and ongoing compliance across subsidiaries and business units
- Ensure alignment with EU and aviation regulatory requirements, including EASA Part-IS, NIS2, GDPR, and aviation authority expectations
- Own vendor risk management and third-party due diligence processes across the group
- Serve as the primary point of contact for regulators, auditors, and external assessors in coordination with the CISO
- Prepare and support internal and external audits, including evidence collection and remediation tracking
- Maintain the group risk register and report on risk levels, trends, and KPIs to senior management
- Collaborate with IT, Legal, HR, and business teams to embed compliance into daily operations
- Support security awareness and compliance training initiatives
- Own post-incident compliance reviews and contribute to incident response documentation
- Support the implementation of GRC tools and dashboards for centralised risk and compliance management
Candidate Profile:
- Bachelor’s degree in Information Systems, Computer Science, Industrial Engineering, or equivalent professional experience
- 5+ years’ experience in Governance, Risk & Compliance, Information Security, or Audit, with independent ownership of compliance activities
- Hands-on experience leading or owning compliance initiatives for ISO 27001, GDPR, Part-IS, SOC 2, or similar frameworks
- Proven experience working directly with regulators, auditors, and external stakeholders
- Experience in regulated environments such as aviation, logistics, or financial services is an advantage
- Familiarity with risk management methodologies and GRC platforms (e.g. ServiceNow GRC, OneTrust, Archer) is an advantage
- Professional certifications such as CISA, CRISC, or CISSP are an advantage
- Strong analytical and communication skills with the ability to present complex topics clearly
- Excellent written and spoken English
- Highly independent, proactive, organised, and detail-oriented
Why This Role?
- Senior-level ownership with real influence across the organisation
- Direct exposure to executive leadership and the CISO
- Opportunity to work across complex, multi-jurisdictional regulatory environments
- High-impact role shaping security governance and compliance maturity
- Long-term growth within a stable, regulated organisation