GRC Director
RESPONSIBILITIES:
- Drive planning for external compliance audits and maintain the evidence-gathering process
- Produce and maintain quality-process and standard operating procedure (SOP) documentation
- Help implement and automate security frameworks and controls across our environment
- Manage the processing of client security forms to support client onboarding
- Support our client’s third-party risk management program by conducting security and risk assessments of prospective and current vendors
- Promote a security awareness culture by keeping our training materials up to date and running occasional sessions on selected topics
- Drive continuous improvement of our cyber security program by challenging the status quo, identifying areas of cyber risk and opportunities for improvement, and applying industry best practices
- Maintain a set of performance metrics to measure control effectiveness and inform strategic decisions
- Contribute to regular risk assessments and manage our risk treatment plan
- Support our internal auditing program
- Coordinate the information security calendar, including regular penetration tests, audit activities, reviews, etc.
QUALIFICATIONS:
- 4+ years of relevant experience in supporting Governance, Risk & Compliance programs
- Passion for cyber security as a business enabler in a fast-paced environment
- Working knowledge of security frameworks such as the ISO 27000 family, SOC 2, PCI DSS, CIS, NIST, etc.
- Internal auditing experience against ISO 27001 and SOC 2 is desirable
- Demonstrated ability to break down complex compliance requirements and to design and implement scalable processes that won’t slow down the business
- Experience in compliance metrics reporting with attention to detail and focus on outcomes
- Natural affinity for creating and maintaining documentation
- Strong verbal and written communication skills and stakeholder management experience, with the ability to translate security and technical information into clear business language