GRC Lead

Project description

Establish and govern an enterprise-wide security framework across Network, EUC, Infra, cloud, AI, products, and business operations.

Responsibilities

• Ownership of security governance across cloud, AI usage, products, and enterprise platforms
• End-to-end risk management, policy, standards, and exception handling
• Readiness and management of ISO 27001, ISO 42001, SOC 1 or SOC 2, NIST, DORA, client audits, and regulatory requirements
• Consistent decision-making on risk acceptance and control effectiveness
• Strong linkage between security governance and business objectives
• Own and operate the cyber and information security risk management
• Identify, assess, prioritize, and track information security and cyber risks
• Manage information & Cyber risk registers, treatment plans, and risk acceptance
• Support management in risk-based decision-making and control effectiveness reviews

SKILLS

Must have

• 8+ years of experience in Information Security, Cyber Risk, or GRC roles
• Professional certifications: CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor, ISO42001
• Strong hands-on experience with Information Security Governance, Risk, and Compliance
• Proven experience leading enterprise-scale GRC programs
• Deep working knowledge of: o ISO 27001 / NIST / SOC 2 / PCI DSS o Cyber and information risk assessment methodologies o Audit and assurance processes o Regulatory compliance and control mapping
• Demonstrated experience implementing or managing GRC tools
• Strong analytical, documentation, and reporting skills
• Ability to influence and communicate effectively with senior stakeholders

Nice to have

N/A