We are seeking a highly experienced and results-driven professional to lead our Cybersecurity Governance, Risk, and Compliance (GRC) function. The successful candidate will be responsible for establishing and maintaining a robust security posture across the organisation, ensuring alignment with regulatory requirements, business objectives, and industry best practices.
Key Responsibilities
1. Governance Development & Implementation
- Establish and Maintain Frameworks: Develop, implement, and continuously maintain the organisation's comprehensive cybersecurity governance framework, including policies, standards, and procedures, ensuring alignment with business strategy and applicable regulatory mandates.
- Security Education: Lead the strategy, development, and delivery of engaging cybersecurity awareness and training programs for all employees to cultivate a strong security culture.
2. Risk Management & Control
- Risk Assessment: Conduct thorough and systematic cybersecurity risk assessments to accurately identify, evaluate, prioritise, and report risks to critical information assets and systems.
- Risk Tracking & Mitigation: Develop and manage a formal risk register, meticulously tracking identified risks, overseeing the execution of mitigation plans, and reporting on residual risk levels.
- Strategic Collaboration: Partner with business unit leaders and IT teams to effectively implement risk treatment strategies and enforce necessary security controls.
- Risk Posture Reporting: Monitor and evaluate the effectiveness of implemented security controls, providing regular, data-driven reports on the organisation's overall risk posture to senior leadership.
- Incident GRC Support: Lead incident response planning activities and actively participate in post-incident analysis to identify and drive GRC-related process and policy improvements.
3. Compliance & Audit Management
- Regulatory Adherence: Ensure strict adherence to all relevant cybersecurity laws, regulations, and industry-specific standards, including the NCA Essential Cybersecurity Controls (ECC) and applicable ISO standards (e.g., ISO/IEC 27001).
- Audit Coordination: Manage and coordinate all internal and external cybersecurity audits. This includes facilitating auditor access, providing comprehensive documentation, and overseeing the timely tracking and remediation of all audit findings.
- Executive Reporting: Prepare and present professional, high-impact cybersecurity compliance and risk reports to executive management and governance committees.
- GRC Liaison: Serve as the primary subject matter expert and point of contact for all Governance, Risk, and Compliance-related inquiries and strategic initiatives.
4. Stakeholder Engagement & Communication
- Effective Communication: Communicate complex GRC matters clearly and effectively to diverse audiences, ranging from technical teams to executive and board-level leadership.
- Strategic Reporting: Develop clear, concise, and actionable reports detailing cybersecurity posture, risk status, and compliance adherence for decision-makers.
- Cultural Leadership: Actively foster a measurable culture of cybersecurity awareness, accountability, and proactive risk management across all departments.
- Cross-Functional Collaboration: Collaborate with Legal, Internal Audit, and other key departments to ensure integrated and harmonised GRC efforts.
Essential Qualifications and Technical Skills
- Minimum of 10 years of progressive experience in the cybersecurity field, with at least 3-5 years dedicated specifically to Governance, Risk, and Compliance (GRC) roles.
- B.Sc. in Engineering, Information Technology, or an equivalent field.
- Strong background in managing compliance initiatives related to major cybersecurity frameworks (e.g., ISO 27001, NIST CSF, PCI DSS, SOC 2).
- In-depth technical knowledge of cybersecurity principles, technologies, and current best practices.
- Familiarity with various operating systems, network protocols, and core security technologies (e.g., firewalls, IDS/IPS, SIEM).
- Solid understanding of cloud security principles and architectures across major providers (AWS, Azure, GCP).
- Proven experience in developing, implementing, and enforcing comprehensive cybersecurity policies, standards, and procedures.
- Demonstrated experience with formal cybersecurity risk assessment methodologies and supporting tools.
- Extensive experience in managing both internal and external cybersecurity audits.
Personal Skills
- Exceptional written and verbal communication, presentation, and interpersonal skills.
- Ability to translate complex technical requirements and regulatory mandates into practical, risk-based business language and actions.