Senior GRC Specialist

Overview

• Why this role matters:
• As a Cybersecurity GRC (Governance, Risk, and Compliance) Professional, you will play a key role in developing and overseeing the organization's cybersecurity governance, risk management, and compliance programs.
• Your contributions will help shape the cybersecurity posture of the organization, ensuring compliance with CRF, CSCC, ECC, NDMO, and other regulatory requirements while mitigating risks that could impact business operations.
• What success looks like:
• In your first year, you will:
• Develop and implement cybersecurity policies and procedures that align with industry best practices and regulatory requirements.
• Enhance the organization s risk management framework, ensuring vulnerabilities are identified, tracked, and mitigated.
• Strengthen compliance and risk reporting mechanisms, providing clear visibility into cybersecurity risks for senior leadership.
• Why this is for you:
• If you're keen on solving complex cybersecurity challenges while ensuring regulatory compliance, hit us up.
• We're looking for someone ready to tackle this challenge head-on and make an impact from day one.

Key Responsibilities

• In this role, you will:
• Develop and maintain cybersecurity policies, standards, and guidelines, ensuring alignment with industry frameworks and regulatory requirements.
• Conduct technical and IT risk assessments, identifying vulnerabilities in the organization s systems and recommending mitigation strategies.
• Monitor and report on cybersecurity risks and compliance issues, ensuring proactive risk management.
• Collaborate with IT and business stakeholders to integrate cybersecurity governance with business objectives.
• Maintain and manage the risk register, ensuring risks are documented, assessed, and tracked in alignment with the risk management framework.
• Perform continuous follow-ups, conduct regular meetings, and escalate unresolved risks to leadership as necessary.
• Develop and implement the security awareness program, providing guidance and training to employees on cybersecurity policies and procedures.
• Support incident response activities, participating in investigations and post-incident reviews to enhance security measures
• Engage with external auditors and regulatory bodies, ensuring compliance with cybersecurity laws and standards.
• Stay current on cybersecurity trends and best practices, proactively integrating new security measures into the organization.

& Attributes

Education

• Bachelor s degree in Computer Science, Information Technology, or a related field.

Experience

• 5 8 years of experience in cybersecurity governance, risk management, and compliance (GRC)

Must-haves

• Strong knowledge of cybersecurity frameworks and standards such as NIST, ISO 27001, PCI DSS.
• Experience implementing and managing GRC tools and software.
• Proficiency in conducting risk assessments and developing mitigation strategies.

Nice-to-haves

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
• Familiarity with regulatory compliance standards in cybersecurity across different industries.

Unique Attributes

• Thrives in high-stakes environments, balancing compliance with business needs.
• Possesses strong analytical and problem-solving skills to assess and address security risks.
• Excels in cross-functional collaboration, effectively communicating cybersecurity requirements to technical and non-technical stakeholders