Cybersecurity Risk & Compliance / GRC Manager

Technical Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.

• Minimum of 10 years of experience in cybersecurity risk management, technical controls, or incident response.

• Certifications such as:

• Certified Information Systems Security Professional (CISSP)

• Certified Ethical Hacker (CEH)

• Certified Information Security Manager (CISM)

• GIAC Security Essentials (GSEC)

• Certified Cloud Security Professional (CCSP)

• Strong technical expertise in:

• Vulnerability management

• SOC operations

• Incident response

⸻

Responsibilities

• Identify, assess, and manage cybersecurity risks to protect information and technology assets in line with policies, laws, and regulations.

• Review, update, and develop the Third-Party Risk Management Framework to monitor and mitigate vendor-related cyber risks.

• Perform vulnerability assessments of systems and networks, identifying deviations from acceptable configurations or policies, and measure defense-in-depth effectiveness.

• Evaluate, design, implement, fine-tune, and enhance business continuity for digital services with complex interdependencies.

• Calculate, fine-tune, and align Business Impact Assessment (BIA) outputs, including Priority Tiers, RPOs, and RTOs.

• Develop and track risk treatment and mitigation plans.

• Analyze cybersecurity controls and assess effectiveness.

• Oversee vulnerability scans and implement cybersecurity technical controls.

• Monitor and test Security Operations Center (SOC) and incident response plans.

• Maintain cybersecurity aspects of the business continuity plan while tracking risk-related metrics.

• Perform security control assessments for compliance with company policies, ISO 27001, NIST, NCA, and regulatory requirements.

• Review and validate security configurations for critical systems (Active Directory, firewalls, servers, network devices).

• Evaluate and provide actionable recommendations to enhance system security configurations across on-premises and cloud platforms.

• Assess and improve the quality of security documentation, ensuring periodic technical assessments comply with governance requirements.

• Review technical and administrative security controls to identify gaps and recommend remediation measures.

• Collaborate with IT, compliance, and risk management teams to enhance security practices.

• Assist in preparing management and audit reports and presentations.

• Perform comprehensive assessments, configuration reviews, and documentation assessments to strengthen the organization’s security posture.

• Configure and manage vulnerability assessment tools and perform technical assessments across systems including Active Directory, firewalls, databases, and cloud platforms.