Job Description
About Dynova
Dynova provides virtual CISO services tailored for startups, helping pre-seed to Series C companies build effective cybersecurity and privacy programs without the cost of hiring full-time employees. Recognized for excellence with prestigious regional CISO awards, Dynova works extensively with leading venture capital firms and has served notable startups. Through a single subscription model, the company offers end-to-end security services, from risk assessments and controls implementation to compliance support and strategic guidance. This approach ensures startups have access to enterprise-grade security leadership that aligns with their growth goals.
More about us: business-ciso.com
Role Description
This is a full-time, remote contractor role engaged through a Dubai-based entity (up to 3000$ monthly).
This role involves providing analytical and operational support to the vCISO across compliance, governance, and risk management initiatives for startup clients.
Compliance Support
Support the vCISO in achieving and maintaining compliance with international standards such as ISO 27001, PCI DSS, and SOC 2, as well as regional Middle East regulatory requirements including NESA, CBUAE, VARA, and similar frameworks.
Develop and maintain all required compliance documentation and collect supporting artifacts.
Support certification activities end to end, assisting the vCISO throughout the full compliance lifecycle.
Work within Dynova’s GRC platform, including onboarding regulatory requirements, mapping requirements to client controls, and maintaining evidence, risks, and related compliance records.
Governance and ISMS Support
Support the vCISO in designing and implementing governance programs.
Draft and maintain security policies and procedures.
Assist in establishing and operating governance processes, including internal audits, metrics collection, committee setup and support, CAPA management, and tracking non-conformities.
Risk Management Support
Support the vCISO in information security risk management activities.
Aggregate risks identified through threat modeling exercises.
Assist in defining ERM criteria and performing risk assessments against established criteria.
Document risk management processes and maintain the risk register within the GRC platform.
Support third-party risk management activities, including due diligence reviews required by partners and investors, under vCISO oversight.
What Success Looks Like:
Ability to independently run compliance workstreams under vCISO guidance
Ability to work with fast-paced startups
Comfort managing multiple clients or parallel workstreams
High-quality, audit-ready documentation delivered on time
Qualifications
End-to-end experience delivering ISO 27001, PCI DSS, and SOC 2 certifications, including development of all required documentation and collection of supporting artifacts.
Strong documentation skills with the ability to produce clear, audit-ready policies, procedures, control narratives, and evidence packs.
Solid understanding of technical security controls, with the ability to discuss them in detail and clearly map technical implementations to applicable compliance requirements.
Preferred Certifications
ISO 27001 Lead Implementer or Lead Auditor.
PCI-related training such as PCI DSS Fundamentals, ISA, or equivalent.
Risk and governance certifications including CRISC, CISA, CGEIT, or equivalent.
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Posted Date: January 13, 2026
Job Type: Technology
Location: India
Company: Dynova | Security for startups