Develop and maintain corporate governance policies and frameworks.
Ensure effective communication and enforcement of governance principles across the organization.
Work closely with senior management and the board of directors to provide regular updates on governance issues.
Oversee the creation, management, and execution of risk and controls assessments, including but not limited to vendor risk assessments, and system authorization-to-operate (ATO) assessments.
Conduct comprehensive risk assessments of administrative and technical security controls to report and consult mitigations of the cybersecurity risk in accordance with Giza Systems risk management framework.
Develop and implement IT and cybersecurity policy including writing and managing updates to policies, procedures, and standards documentation.
Perform management and execution of system assessments, risk assessments, or vulnerability assessments, including, resolution of discovered issues and development of POAM documentation “Plan of Action and Milestones”
Develop specific cybersecurity plans to mitigate risks according to the risk level.
Identify, assess, and prioritize organizational risks.
Develop and implement risk management strategies and processes.
Monitor and report on risk exposure and mitigation activities.
Ensure the organization complies with all applicable laws, regulations, and internal policies.
Establish a mechanism for receiving, tracking, recording, investigating, and responding to all issues about cybersecurity policies and practices
Develop, implement, and manage compliance programs and initiatives.
Conduct regular compliance audits and assessments.
Investigate and resolve compliance issues, gaps and incidents.
Lead and mentor a team of GRC professionals.
Foster a culture of ethical behavior, accountability, and continuous improvement.
Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.
Maintain updated on the way cyber standards, practices, and procedures are used while developing and managing services.
Review, conduct, or perform audits and reviews of cyber programs and projects.
Prepare and present regular reports to senior management and the board of directors.
Maintain accurate and comprehensive documentation of GRC activities.
Stay current with industry trends and best practices in GRC.
Facilitate risk management training and awareness programs.
Collaborate with various departments to integrate GRC practices into business operations.
