GRC Specialist (Governance, Risk, and Compliance)

View full description

Requirements:

• Bachelor’s degree in information technology with a major of Cybersecurity (master’s degree preferred).
• Professional certifications such as CISSP, CISM, CRISC, CISA, or similar.
• Minimum of 10 years of experience in technical IT security, governance, risk management, and compliance roles.
• Strong technical knowledge of IT governance frameworks, regulatory requirements, and best practices.
• Strong analytical and problem-solving skills with attention to detail.
• Ability to manage multiple technical projects and priorities in a fast-paced environment.
• Experience with technical security and GRC tools and software.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Proficiency in risk assessment methodologies and tools.
• Experience with IT audit processes and procedures.
• Knowledge of relevant laws and regulations such as GDPR, HIPAA, SOX, etc.

Responsibilities:

• Develop and implement advanced IT security strategies and solutions.
• Manage and monitor security systems, including firewalls, intrusion detection systems, and endpoint protection.
• Conduct detailed security assessments, vulnerability scans, and penetration tests.
• Respond to and resolve complex security incidents, including conducting forensic investigations and root cause analysis.
• Ensure the implementation of security controls and best practices across IT systems and networks.
• Identify, assess, and prioritize technical MIS and Engineering risks.
• Develop and implement risk management strategies and technical mitigation plans.
• Stay current on and compliant with relevant laws and regulations related to IT security and compliance.
• Prepare and present regular technical reports on MIS security, governance, risk, and compliance to senior management and the board.