Security Compliance Manager

Shufti is hiring a Governance, Risk, and Compliance (GRC) Specialist to operate and improve the governance layer of the security programme. This role keeps the ISMS governed, risk-informed, audit-ready, and aligned to certification, customer, and regulatory obligations. The successful candidate will own the day-to-day mechanics of policy governance, risk tracking, audit coordination, document control, evidence mapping, and cross-functional follow-through.

This is not a passive documentation role. The GRC Specialist is expected to convert security, audit, and compliance requirements into an operating model that teams can execute, evidence, review, and improve.

What The Role Owns

• ISO 27001:2022 governance and surveillance readiness
• SOC 2 evidence governance and control mapping
• PCI-DSS and Cyber Essentials Plus coordination
• Risk-register maintenance, treatment tracking, and acceptance workflow
• Policy, procedure,...