Cybersecurity Lead_97634

MyCareernet

full-time

Required skills

PCI-DSS
change management
compliance
cross-functional
end-to-end
SOX

About the role

Website: mycareernet.co
Job details:

Key Skills: Governance, Risk, and Compliance (GRC), GRC, Third party Risk Management

Roles and Responsibilities:

Define and execute the enterprise cybersecurity GRC strategy and roadmap aligned with business and risk management objectives.
Provide leadership and direction to GRC teams covering TPRM, compliance, audits, and policy management.
Serve as a trusted advisor to senior leadership on cybersecurity risk, regulatory posture, and governance decisions.
Own the end-to-end third-party risk management program, including vendor due diligence, onboarding, periodic assessments, renewals, and continuous monitoring.
Define vendor risk tiers, assessment methodologies, and minimum cybersecurity requirements.
Partner with Procurement, Legal, Privacy, and business owners to ensure vendor risks are assessed, mitigated, and risk-accepted where appropriate.
Track and report third-party risk findings, remediation status, and risk trends through GRC platforms and executive reporting.
Lead enterprise cybersecurity compliance programs aligned with HIPAA, NIST CSF, NIST 800-53, ISO 27001, PCI-DSS, SOX, and other applicable regulations.
Oversee the security control lifecycle including design, implementation, testing, evidence collection, and continuous assurance.
Coordinate internal and external audits, regulatory reviews, and security attestations.
Partner with engineering and IT teams to embed compliance and control requirements into technology initiatives.
Own the cybersecurity policy, standards, and procedures lifecycle including creation, review, approval, publication, and periodic refresh.
Ensure policies and standards align with regulatory requirements, industry frameworks, and evolving threat landscapes.
Drive enterprise awareness and adoption of cybersecurity policies through governance forums and change management.
Govern security exceptions and risk acceptances related to policy deviations.
Lead cybersecurity risk assessments, risk prioritization, and remediation tracking.
Define and report GRC metrics, dashboards, and executive-level reporting for leadership and board stakeholders.
Identify systemic risk trends and drive strategic remediation initiatives across the enterprise.
Lead, mentor, and develop high-performing GRC teams.
Collaborate closely with Cyber Engineering, IAM, Cloud, Infrastructure, Privacy, Legal, and Audit teams.
Communicate complex cybersecurity risk and compliance topics clearly to technical and non-technical stakeholders.

Skills Required:

Strong expertise in Governance, Risk, and Compliance (GRC) frameworks and practices
Extensive experience in Third-Party Risk Management (TPRM) lifecycle (vendor onboarding, assessments, monitoring)
Deep knowledge of cybersecurity regulatory frameworks (NIST CSF, NIST 800-53, ISO 27001, PCI-DSS, SOX, HIPAA)
Strong understanding of enterprise risk management and risk assessment methodologies
Experience in cybersecurity policy, standards, and procedures development and governance
Proven ability to lead enterprise-wide compliance programs and audits
Experience in managing security control lifecycle (design, implementation, testing, and assurance)
Strong knowledge of vendor risk tiering, assessment methodologies, and remediation tracking
Experience in executive-level reporting, dashboards, and GRC metrics
Strong leadership experience in managing and mentoring GRC teams
Ability to communicate cybersecurity risks to technical and non-technical stakeholders
Experience collaborating with cross-functional teams (Legal, Procurement, IT, Engineering, Privacy)
Strong understanding of risk governance, exception management, and risk acceptance processes
Experience in audit management, regulatory reviews, and compliance attestations
Strong analytical and decision-making skills in risk prioritization and mitigation strate

Education: Any Graduation

Click on Apply to know more.

This page is fully interactive when JavaScript is enabled. Please enable JavaScript to apply or browse related roles.