Role Overview
The Cyber GRC Specialist (Governance, Risk & Compliance) will contribute to the high-level design of policies, standards, procedures and guidelines for our platforms and systems.
The goal is to assist in managing the overall governance framework, supporting compliance initiatives, and handling security and technology risks within the company's risk appetite.
The role requires a forward-thinking individual with the ability to speak with business and operational personnel regarding new and existing technologies and making recommendations when required.
Responsibilities:
- Lead the design, implementation, and ongoing management of cyber risk management activities.
- Review, update and maintain the information security policies and procedures
- Serve as the subject matter expert in driving Governance, Risk, and Compliance (GRC) adoption within the technology space.
- Conduct and coordinate compliance and control assessment activities, ensuring alignment with regulatory requirements.
- Own the user awareness training and phishing campaigns within the organization.
- Own and establish a third party security review process within the organization.
- Work with the Security Engineer and other teams to execute the cyber strategy.
- Play a key role in internal reporting of technology and cyber risk to senior leadership.
Qualifications:
- Bachelor's degree in computer science, information security, law, business or a related field.
- 3+ years of experience in similar capacity
- Strong understanding of information security principles and practices.
- Knowledge of at least two of the below information security frameworks and standards is a must:
- NIST Cybersecurity Framework (CSF)
- ISO 27001
- COBIT
- SOC 2 / AICPA TSC 2017
- PCI DSS
- NIST Cybersecurity Framework (CSF)
- Hold at least one of the following credentials:
- ISACA CISA (Certified Information Systems Auditor)
- ISACA CISM (Certified Information Security Manager)
- ISACA CRISC (Certified in Risk and Information Systems Control)
- ISC CISSP (Certified Information Systems Security Professional)
- ISC CCSP (Certified Cloud Security Professional)
- ISACA CCAK (Certificate of Cloud Auditing Knowledge)
- CSA CCSK (Certificate of Cloud Security Knowledge)
- ISO 27001 Lead Auditor / Implementer
- Proven experience in developing Risk Management Frameworks
- Experience in a regulated environment is preferred.
- Exposure to MAS Technology Risk Management Guidelines is preferred
- Exposure to DevSecOps and Cloud Security is preferred
- Excellent problem-solving and analytical skills.
- Excellent written and verbal communication skills in English.