Cybersecurity Lead - GRC

Identifying, assessing, and mitigating potential risks across various areas of the organization, including IT security, business processes, and regulatory compliance.

Developing, implementing, and maintaining GRC programs and processes to support compliance and risk management efforts.

Assisting with internal and external audits, responding to audit findings, and ensuring corrective actions are implemented.

User Access review

Creating and maintaining policies and procedures related to governance, risk, and compliance.

Conducting gap analysis and implementing frameworks and standards such as ISO 27001, GDPR, NIST, and SOX.

Developing and revising policies, standards, processes, and guidelines for the organization. Conducting vendor risk assessments against organizational security requirements.

Continually testing and monitoring the effectiveness of security controls.

Conducting research to aid threat assessment or risk mitigation activities.

Assist the department in responding to inquiries from the business units about ongoing operational compliance

Working with various teams and departments to ensure GRC practices are integrated into business operations.

Bachelor s degree in computer science, information systems, or Cybersecurity

Preferred Certification: CISA

5+ years of direct experience in information security, with a main emphasis on risk and compliance

3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as handling audit responses

Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2, NIST, PCI, GDPR, etc.)

Knowledge of identity management standards, storage, and disaster recovery in the cloud and On Premise

Knowledge of GRC tool techniques and best practices

Proven track record of organizing and carrying out several risk and compliance projects

Ability to successfully manage third-party audits, compile evidence, and organize audit responses

Effective written communication skills to develop & maintain the policies and procedures; the capability to communicate with cross-functional teams.

Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals