GRC Leader

Cyber Security

Description

This position should take ownership of the following key responsibilities:

Policy & Governance Management

  • Maintain and update the full security policy library (ISO 27001, SOC 2, GDPR, etc.).
  • Ensure version control, approval workflows, and cross-departmental adoption.
  • Lead annual policy reviews and align with new business or regulatory needs.

Security Risk Management

  • Own the corporate Risk Register (e.g., in Monday.com) and drive risk assessments across domains.
  • Track mitigation progress and report key risks to leadership.

Compliance & Certification Programs

  • Manage and maintain compliance frameworks (ISO 27001, GDPR, customer-driven requirements).
  • Prepare evidence and documentation for internal and external audits.

Vendor & Third-Party Risk Management

  • Oversee the Vendor Security Review process — reviewing new suppliers, SaaS tools, and renewals.
  • Monitor vendor security posture via SecurityScorecard or similar tools.
  • Ensure data processing agreements (DPAs) are aligned with legal.

Customer & Partner Assurance

  • Manage all RFI / RFP / security questionnaire responses.
  • Provide standardized documentation (e.g., SOC 2 reports, penetration testing summaries).
  • Support Sales / Customer Success during security discussions.

Security Process Governance

  • Define and enforce structured approval workflows for new tools, tokens, and architecture changes.
  • Integrate approvals into Jira or ServiceNow for traceability.
  • Collaborate with IT / AppSec / Legal for end-to-end governance.

Awareness & Training

  • Drive company-wide security awareness campaigns.
  • Onboard new hires with security and compliance training.
  • Ensure developers and business teams understand their compliance obligations.

Metrics & Reporting

  • Define KPIs for compliance maturity, audit readiness, and risk reduction.
  • Deliver quarterly GRC posture updates to the CISO / Security Steering Committee.
Requirements

  • 5–8 years of experience in Governance, Risk, and Compliance (GRC) or Information Security management, preferably within a technology or SaaS organization.
  • Proven track record of developing, implementing, and maintaining security policies and frameworks (e.g., ISO 27001, SOC 2, GDPR, NIST).
  • Hands-on experience owning and managing a corporate risk register, driving risk assessments, and ensuring timely mitigation across multiple business domains.
  • Strong background in compliance management, including preparing evidence and documentation for both internal and external audits.
  • Demonstrated ability to lead vendor and third-party security assessments, evaluate supplier risks, and align data processing agreements (DPAs) with legal and privacy teams.
  • Experience managing customer assurance programs, responding to RFIs/RFPs, and supporting sales teams with security documentation and due diligence.
  • Skilled in security process governance — establishing approval workflows for new tools, integrations, and architectural changes, and embedding controls into systems like Jira or ServiceNow.
  • Proven ability to drive security awareness initiatives, design training programs, and communicate compliance responsibilities effectively across departments.
  • Experience defining and reporting KPIs and metrics related to compliance maturity, audit readiness, and overall risk posture.
  • Strong collaboration skills — capable of partnering with cross-functional stakeholders (Engineering, IT, Legal, AppSec, and Product) to strengthen the organization’s security and compliance posture.