Information Security Officer- GRC

Alshaya - Egypt - Cairo

Role Profile: 

The GRC Officer will be responsible for implementing, interpreting, and ensuring compliance with information security policies. The role involves assessing and prioritizing cybersecurity risks, supporting regulatory compliance, and reporting on security metrics. It plays a key role in reducing risk by driving remediation efforts across the organization. Responsibilities include maintaining governance and compliance standards, conducting risk assessments for internal systems and third-party vendors, enforcing security policies, and advising leadership on risk strategies such as mitigation, reduction, transfer, exception handling, and residual risk analysis.

The key performance areas below include but are not limited to:

  • Develop and implement a data security and privacy risk reporting framework aligned with ISO standards such as ISO 27001 and ISO 27701.
  • Design and document technical, administrative, and physical controls to ensure regulatory compliance.
  • Facilitate remediation of control gaps and escalate critical issues to leadership.
  • Manage exception review processes and ensure documentation and periodic reviews.
  • Prepare for and support regulatory examinations such as PCI DSS.
  • Collaborate with internal and external auditors to ensure timely completion of compliance requests.
  • Evaluate the effectiveness of the information security program using metrics and analysis.
  • Conduct and document risk assessments for internal systems and third-party vendors.
  • Recommend and implement controls to mitigate identified security risks.
  • Communicate risk findings and actionable recommendations to business stakeholders.
  • Support workforce security initiatives including awareness, training, and culture development.
  • Facilitate eDiscovery and data collection for investigations of policy violations.
  • Analyze security incidents and coordinate remediation and awareness efforts.
  • Contribute to the development and lifecycle management of security policies and procedures.
  • Collaborate across departments to implement and enforce information security policies.

Knowledge:

  • Strong understanding of ISO standards and frameworks for information security governance and compliance.
  • Knowledge of designing and implementing technical, administrative, and physical security controls.
  • Familiarity with regulatory compliance requirements (e.g., PCI DSS) and audit facilitation processes.
  • Experience in managing exception handling processes and documenting compliance activities.
  • Ability to evaluate and improve the effectiveness of information security programs using metrics.
  • Proficiency in conducting and documenting information security risk assessments.
  • Knowledge of risk mitigation strategies and control implementation.
  • Understanding of policy development, lifecycle management, and enforcement.
  • Awareness of workforce security practices, including training, awareness, and incident response coordination.
  • Analytical skills for investigating policy violations and coordinating remediation efforts.
  • Strong communication skills to convey risk findings and collaborate with stakeholders.
  • Experience supporting eDiscovery and data collection for compliance and investigations.

Experience:

  • 3-5 years of experience in the information security domain.
  • Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field.
  • CIPP/E or CIPM (privacy), CISA or ISO 27001 Lead Implementer (security), and Azure or Okta (IAM).

Skills:

  • Strong understanding of ISO standards, regulatory compliance (e.g., PCI DSS), and security governance frameworks.
  • Proficient in conducting risk assessments, managing exception processes, and analyzing security metrics.
  • Skilled in policy development, lifecycle management, and coordinating security awareness and training programs.
  • Excellent communication, collaboration, and stakeholder engagement skills across technical and non-technical teams.

Post date: 16 August 2025
Publisher: Wuzzuf.com