sive experience in the specialty in lieu of every year of education.
- At least 4 years of experience in Information Technology.
- At least 3 years of experience in the cybersecurity space, including at least leading the risk management programme as a GRC practitioner, and administrative knowledge of the CyberGRX third-party risk management tool.
- Manage and maintain the enterprise-wide risk register.
- Responsible for governance through owning and managing risk policies, standards and guidelines, including conducting regular reviews with internal stakeholders and updating them to address emerging risks and regulatory changes.
- Perform Capability Maturity Model (CMM) self-assessments quarterly and update the CMM score on the master template.
- All applicants authorized to work in the United States are encouraged to apply.
Preferred Qualifications:
- Drive and support Risk Register automation efforts
- Manage and execute the IT/OT Cybersecurity Policies and Procedures development and refresh
- Govern the Third-Party Risk Management program
- Manage and report on Management Action Plans (MAP)
- Publish and manage changes of NIST 800-53 knowledge base articles.
- Security qualifications, i.e., CISSP, CISA, CISM
- Experience with a variety of compliance frameworks, such as the NIST Cybersecurity Framework, ISO 27001, ISO 27002 and SOC 2.
- Solid understanding of regulations, industry standards, and leading practices related to the security of IT infrastructure and cloud as well as data security and privacy.
- Excellent communication and collaboration skills to engage with global strategic programs and the business function leaders to drive the security objective.
- Working knowledge of NIST 800-53
- Working knowledge of ISA/IEC 62443 framework
- Experience and desire to work in a Global delivery environment
The job entails an extensive amount of travel. The job also entails sitting as well as working at a computer for extended periods of time. Should be able to communicate by telephone, email or face to face.