Posted: 3 months ago
Work from Office
Full Time
Job Summary

Responsible for ensuring that the organization adheres to cybersecurity regulations, frameworks, and best practices. This role involves developing and implementing security policies, conducting risk assessments, ensuring compliance with industry standards (ISO 27001, NIST, PCI-DSS, GDPR, etc.), and working closely with internal teams to enhance the organization's security posture.

Key Responsibilities

Governance
- Develop, implement, and maintain cybersecurity policies, standards, and guidelines in alignment with industry frameworks (ISO 27001, NIST, CIS, etc.).
- Ensure proper documentation and communication of security policies across the organization.
- Conduct internal security awareness training programs for employees and vendors.
- Work with leadership to define security strategies and ensure alignment with business objectives.

Risk Management
- Conduct cybersecurity risk assessments to identify vulnerabilities, threats, and potential impacts.
- Develop risk treatment plans and ensure appropriate mitigation measures are in place.
- Evaluate third-party vendors for cybersecurity risks and compliance with organizational security requirements.
- Monitor emerging cybersecurity threats and update risk management strategies accordingly.

Compliance
- Ensure compliance with regulatory requirements such as GDPR, HIPAA, PCI-DSS, SOX, and other applicable laws.
- Conduct audits and gap assessments to identify areas of non-compliance.
- Maintain documentation and evidence to support audit and regulatory compliance efforts.
- Work with legal and IT teams to ensure contracts and agreements include necessary security provisions.

Incident Management & Continuous Monitoring
- Support incident response efforts by ensuring compliance with reporting and escalation procedures.
- Monitor security controls and compliance metrics through GRC tools and dashboards.
- Conduct periodic security assessments and audits to verify control effectiveness.
- Provide recommendations for improvements in security controls and governance processes.

Required Qualifications & Skills

Technical Skills
- Knowledge of cybersecurity frameworks such as ISO 27001, NIST CSF, CIS Controls, and PCI-DSS.
- Experience with risk assessment methodologies (e.g., FAIR, OCTAVE, NIST RMF).
- Understanding of compliance requirements such as GDPR, HIPAA, and SOX.
- Familiarity with security tools (SIEM, GRC platforms, vulnerability management tools).
- Knowledge of third-party risk management practices.

Soft Skills
- Strong analytical and problem-solving abilities.
- Excellent communication and report-writing skills.
- Ability to work collaboratively across departments.
- Strong attention to detail and organizational skills.

Education & Experience
- Bachelor's or Master's degree in Cybersecurity, Information Security, Risk Management, or a related field.
- 3-6 years of experience in cybersecurity governance, risk, and compliance.
- Industry certifications such as CISSP, CISA, CRISC, CISM, or ISO 27001 Lead Auditor (preferred).
Shell Infotech
9.0 - 18.0 Lacs P.A.