Information Security Manager - GRC

View full description

Requirements:

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• Industry certifications such as CISSP, CISM, or CISA are preferred.
• Minimum of 5 years in information security, risk management, audit, or compliance roles focused on GRC programs.
• Strong understanding of global regulatory requirements including GDPR, SOC2, ISO 27001, and familiarity with frameworks like NIST.
• Experience managing third-party risk assessments and compliance.
• Excellent analytical and problem-solving skills with an outcome-driven mindset.
• Strong interpersonal skills for engaging cross-functional teams and communicating complex security concepts.
• Superior time-management abilities with attention to detail and capability to manage multiple projects.

Responsibilities:

• Design, implement, and maintain a comprehensive GRC framework aligned with industry standards.
• Develop, review, and update security policies and procedures with internal stakeholders.
• Conduct risk assessments and provide insights to executive leadership on security risks.
• Oversee third-party risk management for vendor compliance.
• Develop incident response plans and coordinate investigations.
• Ensure ongoing compliance with regulatory requirements through audits and assessments.
• Deliver training programs to enhance security awareness across the organization.
• Coordinate internal and external audits, ensuring thorough preparation and remediation.
• Proactively identify and implement process improvements for overall security enhancement.
• Manage and mentor a small team of GRC professionals.