Lead - GRC Risk Management

7 - 9 years

0 Lacs

Posted: 1 week ago | Platform: Foundit


Work Mode

On-site

Job Type

Full Time

Job Description

Position Overview
We are seeking an experienced Security GRC (Governance, Risk & Compliance) Lead to own and drive our Risk Management Program. This role will be responsible for defining, implementing, and maturing enterprise-wide information security risk management practices, aligning them with business strategy, regulatory requirements, and industry frameworks.

Key Responsibilities

Risk Management Leadership
  • Lead the design, implementation, and continuous improvement of the Information Security Risk Management framework.
  • Conduct regular risk assessments, control evaluations, and threat modeling across systems, vendors, and business processes.
  • Maintain and continuously enhance the Risk Register, ensuring timely reporting and mitigation tracking.
  • Partner with business and technical stakeholders to drive risk treatment plans and ensure accountability for risk reduction.
Governance & Frameworks
  • Develop, refine, and maintain security policies, standards, and procedures aligned with frameworks such as ISO 27001, NIST CSF, SOC 2, and CIS Controls.
  • Facilitate risk governance committees and ensure effective communication of risk posture to senior management and the Board.
  • Support strategic initiatives related to compliance, audit readiness, and third-party risk management.
Metrics & Reporting
  • Define and deliver Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to measure the maturity and effectiveness of security controls.
  • Prepare and present risk reports, dashboards, and heatmaps to executive leadership and audit committees.
Collaboration & Influence
  • Partner with business stakeholders to ensure alignment with regulatory requirements (e.g., GDPR, HIPAA, SOX, PCI-DSS).
  • Serve as a trusted advisor to technology and business teams, helping them make risk-informed decisions.
  • Champion a risk-aware culture through education, communication, and continuous engagement.

Qualifications

Required:
  • Bachelor's degree in Information Security, Computer Science, Risk Management, or related field.
  • 7+ years of experience in Information Security, GRC, or Risk Management, with at least 3 years in a lead or senior role.
  • Strong understanding of information security principles, risk assessment methodologies, and governance frameworks (ISO 27001, NIST, COSO, etc.).
  • Experience with risk management tools (e.g., Archer, ServiceNow GRC, OneTrust, or similar).
  • Exceptional communication skills: able to translate complex risk topics into actionable insights for executives and business partners.

Preferred

  • Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer, or CGEIT.
  • Experience in cloud risk management (AWS, Azure, GCP).
  • Background in regulatory compliance and third-party risk.
