Develop and implement an Information Security GRC strategy, aligning with business objectives, risk tolerance, security frameworks, and regulatory requirements, providing both short-term and long-term roadmaps.
Manage the lifecycle of security policies, standards, and procedures to comply with regulations and industry standards, including SOX, SOC2, ISO 27001, and DORA.
Oversee the implementation and management of the Security GRC platform to enhance visibility into organizational risk and compliance, while providing actionable intelligence on vendor and customer-facing security posture.
Lead and mature the third-party risk management and customer trust processes, including onboarding, risk assessments, audits, security documentation, and remediation efforts.
Define and monitor key risk and compliance indicators (KRIs/KPIs), and implement continuous monitoring so that vendor performance, customer assurance, and policy adherence remain in line with program effectiveness and accountability.
Coordinate and support comprehensive technology audits and collaborate with external auditors to meet audit requirements and timelines, managing assessments of IT general controls and maintaining the enterprise cyber risk register.
Foster a cyber-aware culture by implementing training programs, managing a Security Culture Framework, and building a high-performing GRC team through leadership, mentoring, and development.
Partner with IT, security, and compliance teams to provide insights and guidance on risk mitigation strategies, control enhancements, and findings remediation, while communicating audit findings and recommendations to senior management.
Prepare and present regular reports to the executive team on GRC posture and initiatives, leveraging automated audit tools and data analytics for improved audit efficiency and insights.
Requirements
Bachelor's degree in Information Technology, Computer Science, or a related field.
15+ years of experience in information security, focusing on the governance, risk, and compliance domains.
Strong knowledge of IT risk assessment, IT General Controls, NIST framework, and other compliance frameworks.
Hands-on experience with third-party risk management programs, encompassing vendor assessments, contract clauses, remediation tracking, and customer trust initiatives.
In-depth understanding of application, endpoint, network, cloud and infrastructure security controls to validate control design and drive mitigation of identified gaps.
Expertise in deploying and managing GRC and automation platforms, and effectively translating risk data into executive dashboards and meaningful KRIs/KPIs.
Familiarity with AI tools and trends such as generative and agentic AI, with a willingness to creatively apply emerging technologies to address identified risks.
Professional certifications like Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) are strongly preferred.
Tech Stack
Cloud
Benefits
Mentorship and growth opportunities from senior employees.
Career progression planning and a focus on career development, complete with dedicated time each month for conference attendance, online learning seminars, and networking.
A robust social community dedicated to volunteerism, intramural sports, and team-building events.
Business resource groups that align with our company value of "Always Inclusive," designed to foster a welcoming and supportive environment for all.