We are seeking a dedicated professional with experience in GRC (Governance, Risk Management, and Compliance). The ideal candidate will collaborate with internal stakeholders and external auditors to manage Information Security and compliance risks. While experience in various lead auditing roles will be considered, our primary preference is for expertise in leading PCI, SOC2, and Cloud Security audits.
About the team:
Small team and currently growing to accommodate support to multiple business units and create robust Risk culture within the organization
What you’ll be doing:
Leads, owns, and drives projects, audits, and proactive initiatives with minimal oversight, ensuring successful delivery from concept to completion, while complying with both internal and external standards and regulations
Extensive experience and expertise while consistently improve risk, compliance & resilience strategies, roadmaps and align with industry frameworks PCI DSS, SOC2, BCP etc.
Leads and manages Internal & External IT Audits,
Ensuring clear communication to achieve the intended vision, and spearheads major cross-platform and cross-functional initiatives
This position requires a proven subject matter expert with demonstrated competency in the planning, development, program execution, maintenance and testing of GRC functions including Business Continuity
Track and ensure adequate and timeley resolution to all audit and risk assessment findings or issues relating to information security, and never miss a deadline
Proactively and effectively communicates any gaps or improvements, both internally and externally, through written and verbal communication
Positively influences the team and peer teams by proactively spearheading advancements
What are we looking for?
Experience of working on Risk Analytics experience within IT Threat, Vulnerability, Business Continuity, and Risk Assessment, National and International Regulatory Compliances and Frameworks such as NIST Cyber Security Framework, ISO, PCI DSS, GDPR etc. In depth knowledge of IT Security Management risk practices
Bachelor’s degree in a related field such as Business, Computer Information Systems, Computer Science, Information Systems Management, or equivalent professional experience
7-10 years of experience working in a technology role, preferably in a security background.
Strong understanding of Information Security standards
The ability to work on multiple projects simultaneously and balance conflicting demands
Comfortable analyzing operational and technical data, working under pressure and meeting deadlines
Independent self-starter, problem-solving mindset, team player and ability to multi-task
Strong communication, including presentation skills, able to convey complex concepts to a variety of audiences
Strong project management skills and great stake holder management in the key of success.
The flexibility to make quick decisions as disasters change and develop
