Senior GRC Specialist

Beyond ONE

Why this role matters:

As a Cybersecurity GRC (Governance, Risk, and Compliance) Professional, you will play a key role in developing and overseeing the organization's cybersecurity governance, risk management, and compliance programs. Your contributions will help shape the cybersecurity posture of the organization, ensuring compliance with CRF, CSCC, ECC, NDMO, and other regulatory requirements while mitigating risks that could impact business operations.

What success looks like:

In your first year, you will:

• Develop and implement cybersecurity policies and procedures that align with industry best practices and regulatory requirements.
• Enhance the organization s risk management framework, ensuring vulnerabilities are identified, tracked, and mitigated.
• Strengthen compliance and risk reporting mechanisms, providing clear visibility into cybersecurity risks for senior leadership.

Why this is for you:
If you're keen on solving complex cybersecurity challenges while ensuring regulatory compliance, hit us up. We're looking for someone ready to tackle this challenge head-on and make an impact from day one.

Key Responsibilities

In this role, you will:

• Develop and maintain cybersecurity policies, standards, and guidelines, ensuring alignment with industry frameworks and regulatory requirements.
• Conduct technical and IT risk assessments, identifying vulnerabilities in the organization s systems and recommending mitigation strategies.
• Monitor and report on cybersecurity risks and compliance issues, ensuring proactive risk management.
• Collaborate with IT and business stakeholders to integrate cybersecurity governance with business objectives.
• Maintain and manage the risk register, ensuring risks are documented, assessed, and tracked in alignment with the risk management framework.
• Perform continuous follow-ups, conduct regular meetings, and escalate unresolved risks to leadership as necessary.
• Develop and implement the security awareness program, providing guidance and training to employees on cybersecurity policies and procedures.
• Support incident response activities, participating in investigations and post-incident reviews to enhance security measures
• Engage with external auditors and regulatory bodies, ensuring compliance with cybersecurity laws and standards.
• Stay current on cybersecurity trends and best practices, proactively integrating new security measures into the organization.

Qualifications & Attributes:
We re seeking someone who embodies the following:

Education:

• Bachelor s degree in Computer Science, Information Technology, or a related field.

Experience:

• 5 8 years of experience in cybersecurity governance, risk management, and compliance (GRC)

Technical Skills:
Must-haves:

• Strong knowledge of cybersecurity frameworks and standards such as NIST, ISO 27001, PCI DSS.
• Experience implementing and managing GRC tools and software.
• Proficiency in conducting risk assessments and developing mitigation strategies.

Nice-to-haves:

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
• Familiarity with regulatory compliance standards in cybersecurity across different industries.

Unique Attributes:

• Thrives in high-stakes environments, balancing compliance with business needs.
• Possesses strong analytical and problem-solving skills to assess and address security risks.
• Excels in cross-functional collaboration, effectively communicating cybersecurity requirements to technical and non-technical stakeholders