Senior Cybersecurity GRC Officer

The Senior Cybersecurity GRC Officer is responsible for leading and executing cybersecurity governance, risk, compliance, policy management, control assessment and audit support activities. The role identifies, assesses, monitors and reports cybersecurity risks; ensures the cybersecurity program complies with applicable requirements, policies and standards; develops and maintains cybersecurity policies; assesses cybersecurity control effectiveness; and supports cybersecurity audits and assurance activities.

• Conduct cybersecurity risk assessments for systems, applications, infrastructure, third parties, projects and major technology changes.
• Develop cybersecurity risk profiles by assessing threats, vulnerabilities, likelihood, impact and existing controls.
• Develop risk mitigation strategies, countermeasures and residual risk statements in line with risk appetite.
• Maintain cybersecurity risk registers and confirm whether risk levels remain within acceptable limits.
• Coordinate with risk owners to assign ownership, agree treatment actions, define target dates and track remediation status.
• Provide input to the cybersecurity risk management framework, scoring methodology and related documentation.
• Use continuous monitoring outputs, metrics and evidence to support ongoing cybersecurity risk awareness.
• Communicate cybersecurity risks and posture to management in clear, concise and actionable reporting.

• Monitor and evaluate cybersecurity program compliance with applicable requirements, policies, standards and controls.
• Analyze cybersecurity defense policies and configurations to evaluate compliance with regulations and organizational directives.
• Develop methods to monitor and measure risk, compliance and assurance activities.
• Maintain awareness of applicable cybersecurity legislation, regulatory requirements, accreditation standards and compliance documentation.
• Coordinate with relevant regulatory agencies, external auditors and authorized parties during compliance reviews or investigations.
• Collect evidence, track remediation and maintain audit‑ready documentation for compliance activities.
• Develop cybersecurity compliance processes and audits for services provided by third parties where applicable.

• Develop cybersecurity policies and related documentation.
• Review existing and proposed policies and related documentation with stakeholders.
• Analyze the organization’s cybersecurity policy environment and identify improvement requirements.
• Work with stakeholders to develop cybersecurity policies aligned with the organization’s cybersecurity strategy.
• Create, update, publish and maintain cybersecurity policies, standards, procedures and supporting governance documents.
• Provide policy guidance to cybersecurity management, staff and users.
• Ensure policies are periodically reviewed and remain aligned with organizational objectives, cybersecurity strategy and regulatory requirements.

• Assess the effectiveness of cybersecurity controls across technology, process and governance areas.
• Perform cybersecurity reviews and identify security gaps in security architecture, system design and control implementation.
• Assess configuration management processes and verify that system, application and network configurations comply with cybersecurity policies.
• Review risk registers, accreditation packages and supporting documentation to assess whether risk and control evidence are complete and accurate.
• Provide technical and procedural evaluations of applications, systems or networks and document compliance against agreed cybersecurity requirements.
• Recommend cost‑effective security controls and remediation strategies to mitigate identified risks and control gaps.
• Ensure security design and cybersecurity development activities are appropriately documented.
• Track remediation of vulnerabilities and control deficiencies to support control maturity improvement.

• Plan, support, conduct and manage cybersecurity…