Why this role matters
As a Cybersecurity GRC (Governance, Risk, and Compliance) Professional you will play a key role in developing and overseeing the organization’s cybersecurity governance, risk management, and compliance programs. Your contributions will help shape the cybersecurity posture of the organization, ensuring compliance with CRF, CSCC, ECC, NDMO, and other regulatory requirements while mitigating risks that could impact business operations.
What success looks like
In your first year you will develop and implement cybersecurity policies and procedures that align with industry best practices and regulatory requirements, enhance the organization’s risk management framework, ensure vulnerabilities are identified, tracked, and mitigated, strengthen compliance and risk reporting mechanisms, and provide clear visibility into cybersecurity risks for senior leadership.
Why this is for you
If you are keen on solving complex cybersecurity challenges while ensuring regulatory compliance, you are ready to tackle this challenge head‑on and make an impact from day one.
Key Responsibilities
- Develop and maintain cybersecurity policies, standards, and guidelines, ensuring alignment with industry frameworks and regulatory requirements.
- Conduct technical and IT risk assessments, identifying vulnerabilities in the organization’s systems and recommending mitigation strategies.
- Monitor and report on cybersecurity risks and compliance issues, ensuring proactive risk management.
- Collaborate with IT and business stakeholders to integrate cybersecurity governance with business objectives.
- Maintain and manage the risk register, ensuring risks are documented, assessed, and tracked in alignment with the risk management framework.
- Perform continuous follow‑ups, conduct regular meetings, and raise unresolved risks to leadership as necessary.
- Develop and implement the security awareness program, providing guidance and training to employees on cybersecurity policies and procedures.
- Support incident response activities, participating in investigations and post‑incident reviews to enhance security measures.
- Engage with external auditors and regulatory bodies, ensuring compliance with cybersecurity laws and standards.
- Stay current on cybersecurity trends and best practices, proactively integrating new security measures into the organization.
- Education: Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Experience: 5‑8 years of experience in cybersecurity governance, risk management, and compliance (GRC).
- Technical Skills (Must‑haves):
- Strong knowledge of cybersecurity frameworks and standards such as NIST, ISO 27001, and PCI DSS.
- Experience implementing and managing GRC tools and software.
- Proficiency in conducting risk assessments and developing mitigation strategies.
- Nice‑to‑haves:
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
- Familiarity with regulatory compliance standards in cybersecurity across different industries.
- Unique Attributes:
- Thrives in high‑stakes environments, balancing compliance with business needs.
- Possesses strong analytical and problem‑solving skills to assess and address security risks.
- Excels in cross‑functional collaboration, effectively communicating cybersecurity requirements to technical and non‑technical stakeholders.