Cyber Security & Technology GRC Manager

Governance Development & Implementation:

• Develop, implement, and maintain the organization's cybersecurity governance framework, policies, standards, and procedures in alignment with business objectives and regulatory requirements.
• Lead the development and maintenance of cybersecurity awareness and training programs for all employees.

Risk Management:

• Conduct comprehensive cybersecurity risk assessments to identify, evaluate, and prioritize risks to information assets and systems.
• Develop and manage a risk register, tracking identified risks, mitigation plans, and residual risk levels.
• Collaborate with business units and IT teams to implement risk treatment strategies and controls.
• Monitor the effectiveness of implemented controls and report on risk posture to senior management.
• Lead incident response planning and participate in post-incident analysis to identify GRC-related improvements.

Compliance & Audit Management:

• Ensure the organization's adherence to relevant cybersecurity laws, regulations, and industry standards – NCA ECC, ISO.
• Manage internal and external cybersecurity audits, coordinating with auditors, providing necessary documentation, and tracking remediation efforts for findings.
• Prepare and present Cyber Security reports to management and relevant committees.
• Act as a primary point of contact for all GRC-related inquiries and initiatives.

Stakeholder Engagement & Reporting:

• Communicate effectively with all levels of the organization, from technical teams to executive leadership, on GRC matters.
• Prepare clear, concise, and actionable reports on cybersecurity posture, risk status, and compliance adherence.
• Foster a culture of cybersecurity awareness and accountability across the organization.
• Collaborate with legal, internal audit, and other departments to ensure integrated GRC efforts.

• Minimum of 10+ years of experience in cybersecurity, with at least 3-5 years specifically in GRC roles.

• Good communication skills.

• In-depth knowledge of cybersecurity principles, technologies, and best practices.
• Familiarity with various operating systems, network protocols, and security technologies (e.g., firewalls, IDS/IPS, SIEM).
• Understanding of cloud security principles (AWS, Azure, GCP).
• Strong background in managing compliance initiatives related to major cybersecurity frameworks (e.g., ISO 27001, NIST CSF, PCI DSS, SOC 2).
• Experience in managing internal and external audits.
• Proven experience in developing and implementing cybersecurity policies, standards, and procedures
• Demonstrated experience with cybersecurity risk assessment methodologies and tools.