We are seeking a highly skilled and experienced Security GRC Specialist to join our team. This position reports directly to the GRC Manager, as part of the CISO group. The ideal candidate should have a strong background in GRC, with a proven track record of successfully implementing GRC programs. This role requires a diligent professional who thrives in a fast-paced environment and can manage multiple priorities while maintaining attention to detail.
Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.
Key Responsibilities:
Develop, implement, and maintain GRC frameworks, policies, and procedures.
Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts,
Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
Provide guidance and support to internal stakeholders on GRC-related matters.
Stay up to date with industry trends and emerging threats to continuously improve the GRC program.
Requirements:
Minimum of 3 years of experience in GRC, and information security.
Strong knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001).
Experience in responding to customer due diligence requests.
Experience in conducting security audits such as SOC 2 and ISO 27000 family.
Experienced with leading GRC platforms, covering third-party risk management, audit management, and security awareness programs.
Excellent analytical, attention to detail, problem-solving, and communication skills.
We are looking for a passionate candidate who can work independently and collaboratively as part of a team in a fast-paced environment.
Relevant certifications such as CISSP, CISM, or CRISC are preferred.
Highly advantageous experience with:
ISO 42001 compliance, including implementation, documentation, and audit coordination.
Payment Card Industry (PCI) standards.
Business Continuity Management.
Developing GRC platform automations, integrations, and workflows.
Minimum of 3 years of experience in GRC, and information security.
Strong knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001).
Experience in responding to customer due diligence requests.
Experience in conducting security audits such as SOC 2 and ISO 27000 family.
Experienced with leading GRC platforms, covering third-party risk management, audit management, and security awareness programs.
Excellent analytical, attention to detail, problem-solving, and communication skills.
We are looking for a passionate candidate who can work independently and collaboratively as part of a team in a fast-paced environment.
Relevant certifications such as CISSP, CISM, or CRISC are preferred.
Highly advantageous experience with:
ISO 42001 compliance, including implementation, documentation, and audit coordination.
Payment Card Industry (PCI) standards.
Business Continuity Management.
Developing GRC platform automations, integrations, and workflows.
This position is open to all candidates.
