GRC Lead

Position Summary

The GRC Lead will lead the strategic governance, risk management, and compliance agenda to strengthen the organization's cybersecurity resilience and ensure regulatory compliance. Acting as a key leader and collaborator, the GRC Lead will own the development, implementation, and continuous improvement of the GRC framework, ensuring alignment with business goals, regulatory mandates, and industry best practices. This role will manage GRC operations, lead cross-functional teams, engage executive leadership, and steer strategic risk decisions to safeguard organizational resilience.

Key Responsibilities

• Lead the design, execution, and maturation of the organization’s comprehensive GRC strategy, encompassing policy governance, risk management frameworks, compliance programs, and continuous improvement initiatives.
• Own the governance structure including policy lifecycle management, control frameworks, and compliance awareness programs.
• Align GRC objectives with business goals and regulatory mandates through close collaboration with executive leadership and key stakeholders.
• Provide leadership, mentoring, and development support to GRC analysts and related teams.

• Direct risk identification, assessment, mitigation strategies, and control effectiveness reviews across the enterprise.
• Oversee compliance operations including audit management, regulatory assessments, and compliance reporting to ensure adherence to global standards (ISO 27001, NIST, GDPR, PCI-DSS, SOC2).
• Champion risk appetite definition and risk tolerance monitoring aligned with organizational priorities.

• Guide selection, deployment, and optimization of GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC) to enable scalable risk and compliance management.
• Drive automation efforts to improve risk intelligence, compliance tracking, and reporting accuracy.
• Identify and implement best practices and process improvements to enhance operational efficiency and risk visibility.

• Serve as the primary liaison for GRC matters across IT, Security, Legal, Compliance, and Business units.
• Translate complex risk and compliance information into clear, actionable recommendations for executive leadership and technical teams.
• Lead training, awareness programs, and communication efforts to embed a culture of governance and risk mindfulness.
• Engage with external partners, auditors, and regulators for GRC-related assessments and benchmarking.

Required Qualifications

• 7–8 years of progressive experience in Governance, Risk, and Compliance within cybersecurity or related fields.
• Proven leadership in managing GRC programs, teams, and strategic initiatives.
• Deep expertise in regulatory standards and frameworks (ISO 27001, NIST, GDPR, PCI-DSS, SOC2).
• Strong background with GRC platforms such as RSA Archer, ServiceNow GRC, or similar.
• Experience managing audits, risk assessments, compliance initiatives, and regulatory interactions.
• Excellent strategic thinking, interpersonal, and communication skills.
• Relevant certifications such as CISA, CISM, CISSP, CRISC, or PMP are highly desirable.

Preferred Skills

• Experience with GRC automation and integration within DevSecOps or cloud security contexts.
• Familiarity with IT and security control frameworks (CIS Controls, MITRE ATT&CK).
• Industry experience in regulated sectors like finance, healthcare, or government.
• Strong analytical and problem-solving skills with a data-driven mindset.

Professional Attributes

• Strategic and visionary leader with the ability to influence at all levels.
• Collaborative and team-oriented approach with proven mentoring skills.
• Detail-oriented, quality-focused, and proactive in risk anticipation.
• Passionate about continuous learning and adapting to emerging cybersecurity trends.