
GRC Specialist
- On-site
- Tehran, Tehrān, Iran, Islamic Republic of
- Tech
Job description
About Snapp
Snapp is the pioneer provider of ride-hailing mobile solutions in Iran that connects smartphone owners in need of a ride to drivers who use their private cars to offer transportation services. We are ambitious, passionate, engaged, and excited about pushing the boundaries of the transportation industry to new frontiers and being the first choice of each user in Iran.
About the Position
We are seeking a driven and detail-oriented professional to lead audits of access management processes for Snapp Cab and other ventures, ensuring secure onboarding and offboarding practices. Beyond access audits, the role will be critical in developing and implementing comprehensive Governance, Risk, and Compliance (GRC) frameworks across our operations.
You will conduct risk assessments, monitor regulatory and internal compliance, and collaborate cross-functionally with legal, security, and engineering teams to align operations with legal, industry, and internal standards. You will also develop governance policies, conduct security awareness programs, manage corrective action plans, investigate compliance breaches, and drive continuous improvements.
This is a high-impact role where your work will directly strengthen our cybersecurity posture and operational resilience.
Responsibilities
- Design, implement, and maintain cybersecurity governance frameworks, policies, and procedures aligned with industry and international standards.
- Conduct cybersecurity risk assessments, threat modeling, and vulnerability analyses; prioritize mitigation actions against high-risk threats, including data breaches and third-party risks.
- Plan and execute internal and third-party security audits.
- Advise business and technical stakeholders on security-by-design principles, regulatory requirements, and risk implications.
- Collaborate with incident response teams during security incidents and ensure compliance with legal and regulatory reporting obligations.
- Generate executive-level reports summarizing security posture, emerging risks, compliance status, and improvement initiatives.
Job requirements
- Bachelor's degree or higher in Cybersecurity, Computer Science, Information Technology, or a related field.
- Minimum 5 years of experience in Governance, Risk, and Compliance (GRC), risk management, or security compliance roles.
- Strong expertise in regulatory requirements and frameworks such as NIST CSF, ISO 27001, Cyber-police requirements, and industry audit standards.
- In-depth understanding and hands-on experience with leading security frameworks, including NIST Cybersecurity Framework, ISO 27001, GDPR, and CIS Controls.
- Relevant certifications (CISA, CISM, ISO 27001 Lead Implementer) are highly preferred.
- Strong problem-solving skills, attention to detail, and ability to manage multiple initiatives simultaneously.
- Excellent verbal and written communication skills, capable of influencing both technical and non-technical stakeholders.
- Experience creating dashboards and visual reports using Power BI or similar business intelligence tools.
- Ability to write SQL queries for auditing, reporting, and investigation purposes.
- Experience working with SIEM platforms (e.g., Splunk, ELK, or similar) for event monitoring, log analysis, and compliance reporting.