Description
Job Summary:
The Senior GRC Specialist plays a critical role in ensuring the organization's compliance with regulatory requirements and recognized frameworks, such as NIST, ISO 27001, and the EU NIS2 Directive. The specialist leads risk assessments, implements governance frameworks, and performs detailed audits, collaborating with cross-functional teams to improve the organization's overall security posture and maintain regulatory adherence.
Key Responsibilities
Governance Framework Implementation: Develop and maintain governance frameworks based on NIST, ISO 27001, and NIS2 requirements.
Ensure alignment between business goals and security policies.
Policy Development: Create, review, and update security policies, procedures, and standards.
Ensure policies address legal, regulatory, and industry compliance requirements.
Stakeholder Engagement: Act as a liaison between technical teams and executive leadership to communicate compliance strategies and risk status.
Provide strategic advice to stakeholders on governance matters.
Risk Management
Risk Assessments: Conduct enterprise-wide risk assessments to identify, evaluate, and prioritize risks.
Analyze threats, vulnerabilities, and mitigation strategies.
Risk Mitigation Plans: Develop risk treatment and mitigation plans based on assessment findings.
Monitor and report on risk metrics to senior leadership.
Third-Party Risk Management: Assess vendors and third parties for compliance with regulatory standards and contractual obligations.
Compliance & Audit
Audit Planning and Execution: Plan, conduct, and lead internal and external audits for NIST, ISO 27001, and NIS2 compliance.
Manage audit schedules, evidence collection, and gap analysis.
Regulatory Adherence: Interpret and apply compliance mandates (e.g., GDPR, HIPAA, PCI DSS) in alignment with NIST and ISO 27001.
Monitor emerging regulations like NIS2 and assess organizational impact.
Audit Reporting & Follow-up: Prepare detailed audit reports, identifying gaps and recommending corrective actions.
Ensure timely resolution of audit findings and compliance gaps.
Training & Awareness
Team Development: Train and mentor junior staff on GRC principles, compliance frameworks, and audit processes.
Foster a culture of risk awareness and security compliance across the organization.
Awareness Campaigns: Lead information security awareness initiatives to educate employees on compliance requirements and responsibilities.
Requirements
Required Skills and Expertise
Frameworks and Standards
Deep knowledge of: NIST (SP 800-53, CSF, etc.)
ISO 27001/27002 (and associated controls).
NIS2 Directive requirements.
Familiarity with additional standards like SOC 2, CIS Controls, and COBIT.
Technical Proficiency
Proficiency in using GRC tools such as: RSA Archer, ServiceNow GRC, or equivalent platforms.
Vulnerability scanning and risk management tools like Tenable and Qualys.
Understanding of IT security technologies, including: Firewalls, endpoint protection, and SIEM solutions.
Risk & Audit Skills
Advanced experience in: Conducting risk assessments and business impact analyses (BIAs).
Leading internal and external audits.
Ability to create detailed audit documentation and remediation roadmaps.
Soft Skills
Strong analytical and critical thinking abilities.
Excellent communication and presentation skills for technical and non-technical audiences.
Collaborative mindset for cross-departmental initiatives.
Qualifications
Education: Bachelor's or Master's degree in Information Security, Cybersecurity, or a related field.
Certifications: CISSP (Certified Information Systems Security Professional).
CISM (Certified Information Security Manager).
ISO 27001 Lead Implementer or Auditor Certification.
CRISC (Certified in Risk and Information Systems Control).
Experience: Minimum 7-10 years of experience in governance, risk, and compliance roles.
Proven track record of leading successful compliance and audit programs for NIST, ISO 27001, and NIS2.
What We Offer
Being a part of TEAM International gives you the chance to work on challenging projects with great professionals, international clients, and the latest technologies.
We have a great benefits package that includes:
English lessons
Private Health Insurance
20+ Vacation days
Education allowance, etc.