Job Purpose:
Support the organization's cybersecurity Governance, Risk, and Compliance (GRC) activities. Ensure compliance with internal policies, regulations, and industry standards. Help identify and manage cyber risks, assist with audits, and maintain a strong security posture.
Key Responsibilities:
- Create and update cybersecurity policies, procedures, and standards.
- Perform risk assessments and review third-party/vendor risks.
- Ensure compliance with frameworks like ISO 27001, NIST, GDPR, PCI-DSS, HIPAA.
- Maintain the risk register and track mitigation plans.
- Support audits by gathering evidence and addressing findings.
- Stay updated on regulatory changes and update policies accordingly.
- Help deliver security awareness training to employees.
- Prepare reports and dashboards on compliance, risk, and audit results.
- Use GRC tools to manage compliance and risk workflows.
Qualifications:
- Education: Bachelor's degree in Cybersecurity, IT, Risk Management, or related field.
- Experience: 3-5 years in Cybersecurity, GRC, or IT audit roles.
- Skills: Knowledge of frameworks (ISO 27001, NIST) and GRC tools.
- Strong understanding of cybersecurity controls, risk assessment, and compliance.
- Good analytical and documentation skills.
- Experience in regulated industries is a plus.