Cyber GRC Manager

• We are seeking an experienced and highly motivated Cybersecurity GRC Manager to lead and manage the organizations governance, risk, and compliance (GRC) initiatives
• The ideal candidate will be responsible for designing, implementing, and maintaining robust cybersecurity frameworks to ensure compliance with regulatory requirements, industry standards, and organizational policies
• This role is critical in driving our security strategy, managing risks, and fostering a culture of security awareness across the organization

Key Responsibilities:

• GovernanceDevelop and implement the organizations cybersecurity governance framework, policies, and procedures
• Align cybersecurity initiatives with business objectives, regulatory requirements, and industry best practices (eg, ISO 27001, NIST, GDPR, etc)
• Collaborate with cross-functional teams to ensure security requirements are integrated into business processes and IT systems
• Risk ManagementIdentify, assess, and prioritize cybersecurity risks across the organization
• Develop and maintain a risk management program, including risk registers, mitigation plans, and periodic assessments
• Monitor emerging threats and vulnerabilities, and provide guidance on appropriate risk responses
• ComplianceEnsure compliance with applicable laws, regulations, and standards (eg, SOX, HIPAA, PCI DSS)
• Conduct internal audits and readiness assessments for external audits and certifications
• Manage third-party vendor risk assessments and ensure security compliance across the supply chain
• Incident Management and ReportingOversee security incident response plans and testing
• Report on cybersecurity risks, incidents, and compliance metrics to executive leadership and stakeholders
• Coordinate with legal and regulatory bodies during audits or in response to security incidents
• Training and AwarenessDevelop and deliver cybersecurity training and awareness programs for employees at all levels
• Foster a culture of security awareness and accountability within the organization

Education and Certifications

• bachelors degree in Cybersecurity, Information Technology, Business, or a related field
• Relevant certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor preferred

Experience

• 7+ years of experience in cybersecurity, governance, risk, or compliance roles
• Proven experience with GRC tools, frameworks, and standards (eg, NIST CSF, COBIT, ISO 27001)
• Demonstrated success in managing complex risk and compliance projects
• SkillsStrong understanding of regulatory requirements and risk management methodologies
• Excellent communication and stakeholder management skills
• Analytical and detail-oriented with the ability to make data-driven decisions
• Experience in third-party vendor risk management and security audits

What We Offer:

• Competitive salary and benefits package
• Opportunity to work with cutting-edge technologies in a dynamic and collaborative environment
• Professional development and certification opportunities