Key Responsibilities:
• Policy Development: Develop, review, and maintain up-to-date cybersecurity policies, standards, processes, and procedures to align with best practices and regulatory mandates.
• Security Awareness Training: Design, implement, and manage the organization's cybersecurity awareness training programs. Ensure that all employees are educated on best practices, emerging threats, and their role in maintaining the organization's security. Track participation and measure the effectiveness of training efforts to foster a security-conscious culture.
• Risk Assessments & Mitigation: Conduct thorough security risk assessments using standard risk methodologies, and collaborate with teams to develop and implement effective mitigation strategies.
• Risk Communication: Translate complex security risks for both IT and non-IT stakeholders and recommend appropriate compensating controls.
• Risk Management: Track, manage, and report on cybersecurity risks, ensuring all risk items are addressed in a timely and effective manner.
• Security Remediation: Drive remediation of security findings and gap areas with the concerned action owners and collaborate to identify short-term and long-term remediation.
• Regulatory Compliance: Ensure compliance with relevant industry standards and regulations such as NIST, ISO 27001, HIPAA, and others. Regularly review and update policies and procedures to meet evolving regulatory requirements.
• Cybersecurity Metrics: Develop and manage comprehensive cybersecurity metrics to report to leadership, driving risk-informed decision-making and continuous improvement of the organization's security posture.
• Vendor Security Assessment: Evaluate the security of high-risk vendor environments by analyzing their responses to security questionnaires, with a focus on SOC 2 Type II reports, ISO certifications, and industry-standard questionnaires like SIG or CAIQ.
Minimum Qualifications:
• Education: Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• Experience:
o 10+ years of experience in cybersecurity.
o 5+ years of experience in security risk assessment, security audits, security policy and standards development, or security training.
• Technical Knowledge:
o Holistic understanding of various security areas, including Identity and Access Management (IAM), Cloud Security, Application Security, Security Monitoring, Secure Development Practices, Network Security, and Endpoint Security.
• Strong analytical and problem-solving abilities.
• Excellent communication and stakeholder management skills.
• Certifications: Relevant certifications such as CISSP, CISM, or CRISC are preferred.