Cybersecurity GRC Specialist
Job description
As the Cybersecurity GRC Specialist, you will be responsible for implementing the organization-wide Risk Management Framework (RMF), cyber assurance activities, and Information Security Management System (ISMS) that underpin the establishment and continuous improvement of the information security program. The position exists to provide domain expertise for building and running the cybersecurity governance, risk, and compliance (GRC) management program.
Justification
An expanding cyber risk landscape and company growth demand a mature risk management practice within the Office of the CISO. A formal risk management function is a common requirement of CMMC, NIST, and ISO 27001 compliance, among other frameworks, and requires experienced staff to support business units worldwide.
What you'll do :
- Serve as the subject-matter expert on cybersecurity and IT risk management (RM) and cyber assurance for business stakeholders and customers.
- Define and implement the cybersecurity governance, risk management, and compliance vision, strategy, and implementation roadmap.
- Lead third-party risk management (TPRM) and IT risk management (ITRM) plans, cyber compliance projects, assessment and audit projects, and dashboards and reporting (KRIs / KPIs, cybersecurity status scorecard).
- Support the implementation of risk management processes and the ISMS through automated GRC tooling.
- Drive the organization's maturity toward RMF adoption, ISO 27001 ISMS certification, and CMMC compliance.
Requirements
- At least 8 years of experience with a high level of information security expertise.
- Education in Computer Engineering or a similar field of study.
- Desired certifications: CISM, CRISC, CISSP, ISO 27001 Lead Implementer (LI) / Lead Auditor (LA).
- Knowledge of information security control frameworks and risk management methodologies.
- Experience with ISMS implementation, ISO 27001 certification, cybersecurity audits, and attestation reports.
Benefits & conditions
- Competitive compensation with regular annual salary reviews.
- Fully remote or hybrid work options (2 days office, 3 days home).
- Continuous learning and clear progression plans.
- Comprehensive benefits including health insurance, paid leave, retirement plans, and more.