Lead GRC Architect _ Exp: 12+Years

Role & responsibilities

• Deploy and implement next generation GRC solution.

• Hands-on experience implementing AuditBoard or equivalent.

• Build and management process for risk assessment, issue management, audit management, ITRM, TPRM.
• Support and oversee comprehensive technology audits, including assessments of IT General controls across the environment.
• Collaborate with external auditors to coordinate and support annual technology audits, ensuring audit requirements and timelines are met.
• Identify, assess, and prioritize technology-related risks across the organization, with a focus on cybersecurity, data protection, and operational resilience.
• Review and evaluate the design and effectiveness of IT General Controls, recommending improvements as necessary.
• Ensure IT processes, systems, and controls align with regulatory requirements (e.g., SOX, GDPR, DORA) and industry standards (e.g., ISO 27001, NIST).
• Support compliance teams in responding to internal and external audits and inquiries regarding IT systems and data management practices.
• Partner with IT, security, and compliance teams to provide insights on risk mitigation strategies, control enhancements and findings remediation.
• Communicate audit findings and recommendations to senior management and key stakeholders, helping to shape a culture of continuous improvement and risk awareness.
• Oversee the preparation of audit reports, including executive summaries, findings, and actionable recommendations for improvement.
• Monitor industry trends, regulatory changes, and emerging risks to refine and enhance audit methodologies and best practices.
• Implement automated audit tools and data analytics to improve audit efficiency, coverage, and accuracy.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively across functions and levels.

What Were Looking For

• Bachelor’s degree in information technology, Computer Science, Accounting, or a related field. Master’s degree is preferred.
• 12+ years of experience in technology, security and risk management
• Strong knowledge of IT risk assessment, IT General Controls, NIST framework, and other compliance frameworks.

• Expertise in implementing and management of GRC tools. (Must have)

Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) are strongly preferre