Senior Cybersecurity GRC Officer

The Senior Cybersecurity GRC Officer is responsible for leading and executing cybersecurity governance, risk, compliance, policy management, control assessment and audit support activities. The role identifies, assesses, monitors and reports cybersecurity risks; ensures the cybersecurity program complies with applicable requirements, policies and standards; develops and maintains cybersecurity policies; assesses cybersecurity control effectiveness; and supports cybersecurity audits and assurance activities.

Conduct cybersecurity risk assessments for systems, applications, infrastructure, third parties, projects and major technology changes.

Develop cybersecurity risk profiles by assessing threats, vulnerabilities, likelihood, impact and existing controls.

Develop risk mitigation strategies, countermeasures and residual risk statements in line with risk appetite.

Maintain cybersecurity risk registers and confirm whether risk levels remain within acceptable limits.

Coordinate with risk owners to assign ownership, agree treatment actions, define target dates and track remediation status.

Provide input to the cybersecurity risk management framework, scoring methodology and related documentation.

Use continuous monitoring outputs, metrics and evidence to support ongoing cybersecurity risk awareness.

Communicate cybersecurity risks and posture to management in clear, concise and actionable reporting.

Monitor and evaluate cybersecurity program compliance with applicable requirements, policies, standards and controls.

Analyze cybersecurity defense policies and configurations to evaluate compliance with regulations and organizational directives.

Develop methods to monitor and measure risk, compliance and assurance activities.

Maintain awareness of applicable cybersecurity legislation, regulatory requirements, accreditation standards and compliance documentation.

Coordinate with relevant regulatory agencies, external auditors and authorized parties during compliance

reviews or investigations.

Collect evidence, track remediation and maintain audit-ready documentation for compliance activities.

Develop cybersecurity compliance processes and audits for services provided by third parties where applicable.

Develop cybersecurity policies and related documentation.

Review existing and proposed policies and related documentation with stakeholders.

Analyze the organization’s cybersecurity policy environment and identify improvement requirements.

Work with stakeholders to develop cybersecurity policies aligned with the organization’s cybersecurity strategy.

Create, update, publish and maintain cybersecurity policies, standards, procedures and supporting governance documents.

Provide policy guidance to cybersecurity management, staff and users.

Ensure policies are periodically reviewed and remain aligned with organizational objectives, cybersecurity strategy and regulatory requirements.

Assess the effectiveness of cybersecurity controls across technology, process and governance areas.

Perform cybersecurity reviews and identify security gaps in security architecture, system design and control implementation.

Assess configuration management processes and verify that system, application and network configurations comply with cybersecurity policies.

Review risk registers, accreditation packages and supporting documentation to assess whether risk and control evidence are complete and accurate.

Provide technical and procedural evaluations of applications, systems or networks and document compliance against agreed cybersecurity requirements.

Recommend cost-effective security controls and remediation strategies to mitigate identified risks and control gaps.

Ensure security design and cybersecurity development activities are appropriately documented.

Track remediation of vulnerabilities and control deficiencies to support control maturity improvement.

Plan, support, conduct and manage cybersecurity audits or reviews of systems, networks, applications, services and cybersecurity processes.

Prepare cybersecurity assessment and audit reports that identify technical and procedural findings with recommended remediation actions.

Track audit findings and recommendations to ensure appropriate mitigation actions are taken.

Maintain an audit log and evidence repository for cybersecurity controls and assurance activities.

Ensure cybersecurity audits test relevant aspects of infrastructure and policy compliance.

Develop secure information-sharing processes with external auditors when required.

Communicate audit findings, risk implications and remediation status to authorized stakeholders.

Evaluate cybersecurity aspects of contracts to ensure compliance with financial, contractual, legal

and regulatory requirements.

Ensure products implemented to manage cybersecurity risks are evaluated and authorized for use.

Determine and document supply chain risks for critical system elements.

Support cybersecurity reviews of third-party services, outsourced arrangements and supplier-provided technology solutions.

Develop and review cybersecurity compliance processes and audits for third-party services.

Identify cybersecurity and privacy issues related to connections with internal and external third parties and their supply chains.

Establish and maintain appropriate communication channels with stakeholders.

Present risk, compliance and control assessment results to technical and non-technical audiences.

Provide cybersecurity guidance to business, IT and control functions on governance, risk and compliance matters.

Work with stakeholders to resolve cybersecurity incidents, vulnerability compliance issues and control weaknesses from a GRC perspective.

Promote cybersecurity policy and strategy awareness among management and relevant users.

Support management reporting on cybersecurity risks, readiness, compliance status and progress against plans.