Cybersecurity GRC Specialist/Consultant

The Cyber GRC Specialist/Consultant is responsible for developing, implementing, and managing the organization's governance, risk, and compliance (GRC) program. This role involves working closely with various clients to ensure that cybersecurity practices align with industry regulations, standards, and best practices. The specialist will identify, assess, and mitigate risks, while ensuring that the organization's policies and procedures comply with applicable laws and regulations.

Responsibilities

Governance:

1. Develop and implement cybersecurity policies, procedures, and standards to ensure effective governance across the organization.
2. Maintain and improve the organization's cybersecurity governance framework to ensure alignment with business objectives.
3. Collaborate with senior management to establish cybersecurity goals and objectives.

Risk Management:

1. Identify, assess, and prioritize cybersecurity risks, and develop strategies to mitigate these risks.
2. Conduct regular risk assessments, vulnerability assessments, and audits to evaluate the effectiveness of current security controls.
3. Develop risk treatment plans and monitor the implementation of risk mitigation strategies.

Compliance:

1. Ensure the organization's compliance with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001, NIST).
2. Monitor changes in regulatory requirements and update policies and procedures accordingly.
3. Conduct internal audits to ensure compliance with cybersecurity policies and procedures.
4. Prepare and deliver compliance reports to clients.

Qualifications

1. 3-4 years of experience in cybersecurity, with a focus on governance, risk management, and compliance.
2. Relevant certifications such as CISSP or equivalent are highly desirable.
3. Strong knowledge of cybersecurity frameworks, regulations, and standards (e.g., NIST, ISO 27001, GDPR, HIPAA).
4. Experience with risk assessment and management methodologies.
5. Excellent analytical, problem-solving, communication, and reporting/documentation skills.
6. Ability to work independently and collaboratively in a team environment.
7. Strong attention to detail and the ability to manage multiple tasks simultaneously.
8. Passion for cybersecurity.