Cybersecurity GRC Lead

Job Overview:

The Cybersecurity Governance, Risk, and Compliance (GRC) Lead will be responsible for developing, implementing, and maintaining the organization’s cybersecurity GRC framework. This role ensures that security policies, risk management practices, and compliance requirements are effectively integrated into business operations. The GRC Lead will act as the primary point of contact for all GRC-related initiatives, driving continuous improvement and alignment with industry standards.

Job Description/ Duties:

• Develop, maintain, and enforce cybersecurity policies, standards, and procedures.
• Establish governance frameworks aligned with ISO 27001, NIST, and other relevant standards.
• Provide strategic guidance to leadership on cybersecurity governance.
• Conduct enterprise-wide risk assessments and identify vulnerabilities.
• Develop risk mitigation strategies and track remediation efforts.
• Monitor emerging threats and regulatory changes to adjust risk posture.
• Lead internal and external compliance audits (e.g., GDPR, PCI-DSS).
• Ensure adherence to regulatory requirements and industry best practices.
• Maintain audit readiness and coordinate with external auditors.
• Partner with IT, Legal, and Business Units to embed GRC practices across the organization.
• Oversee third-party risk management, including vendor assessments and SLA monitoring.
• Mentor and guide junior team members in GRC practices.
• Prepare and present detailed reports on risk, compliance, and audit findings to senior management.
• Communicate cybersecurity risks and compliance status to stakeholders in clear, actionable terms.

Job Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or related field (Master’s preferred).
• 7+ years of experience in cybersecurity governance, risk, and compliance.
• Strong knowledge of frameworks such as ISO 27001, NIST CSF, COBIT, and CIS Controls.
• Experience with regulatory compliance (GDPR, HIPAA, PCI-DSS, SOX).
• Proven track record in leading audits and risk assessments.
• Excellent communication, leadership, and stakeholder management skills.
• Relevant certifications (CISM, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer).
• Experience with GRC tools (e.g., Archer, ServiceNow GRC, MetricStream).
• Familiarity with cloud security compliance (Azure, AWS, GCP).
• Strong analytical and problem-solving abilities.
• Ability to thrive in a fast-paced, evolving threat landscape.