Website:
mycareernet.co
Job details:
Key Skills: Cyber Security, GRC, Third party Risk Management
Roles and Responsibilities:
- Compliance Program Leadership: Lead enterprise-wide cybersecurity compliance programs aligned to HIPAA, NIST CSF, NIST 800-53, ISO 27001, CIS Benchmarks, PCI-DSS, and SOX.
- Compliance Strategy & Roadmap: Define compliance strategy, operating model, and annual roadmap aligned with enterprise risk appetite; ensure consistent interpretation and application of requirements across the organization.
- Control Assurance & Risk Oversight: Lead the cybersecurity control lifecycle including control design, implementation guidance, testing, evidence management, and continuous assurance.
- Gap Assessments & Maturity Reviews: Oversee compliance gap assessments and control maturity evaluations across platforms, applications, and infrastructure; review high-risk findings and drive prioritization and remediation closure.
- Risk Acceptance & Exceptions: Support risk acceptance and exception decisions by articulating residual risk and business impact clearly.
- Policy, Standards & Governance: Own the cybersecurity policy, standards, and procedures lifecycle (creation, review, approval, publication, and periodic refresh) and ensure alignment with regulatory requirements and evolving threat landscapes.
- Governance Forums: Chair or contribute to governance forums related to compliance, risk, and policy decisions; govern cybersecurity policy exceptions and deviations in alignment with formal risk acceptance processes.
- Audit, Regulatory & Assurance Leadership: Lead coordination for internal audits, external audits, and regulatory examinations related to cybersecurity compliance; act as the primary liaison between Cybersecurity, Internal Audit, Enterprise Risk, and regulatory stakeholders.
- Audit Readiness & Evidence Management: Ensure audit readiness, timely evidence submission, and closure of audit findings; drive improvements based on audit outcomes and regulatory feedback.
- Reporting, Metrics & Continuous Improvement: Define and present executive-level compliance dashboards, KPIs, and risk metrics; track compliance posture, control effectiveness, audit findings, and remediation progress.
- Automation & Process Maturity: Identify systemic compliance gaps and emerging regulatory risks; drive automation, tooling enhancements, and process maturity across GRC and compliance functions.
Skills Required:
- Strong expertise in Cybersecurity Governance, Risk, and Compliance (GRC) frameworks and practices
- Deep knowledge of regulatory standards such as HIPAA, NIST CSF, NIST 800-53, ISO 27001, CIS Benchmarks, PCI-DSS, and SOX
- Experience in leading enterprise-wide cybersecurity compliance programs
- Strong understanding of security control lifecycle (design, implementation, testing, and continuous assurance)
- Experience in compliance gap assessments and control maturity evaluations
- Strong knowledge of risk management, risk acceptance, and exception handling processes
- Experience in cybersecurity policy, standards, and governance framework development
- Proven experience in audit management, regulatory compliance, and audit readiness
- Ability to manage evidence collection, audit responses, and remediation tracking
- Strong experience in executive-level reporting, dashboards, and compliance metrics (KPIs/KRIs)
- Experience working with cross-functional teams (Cybersecurity, IT, Legal, Privacy, Risk, Audit)
- Strong analytical and problem-solving skills in risk prioritization and compliance decision-making
- Experience in process improvement, automation, and GRC tool utilization
Education: Any Graduation (Any Branch)