Cybersecurity GRC Analyst

Bestinet | Malaysia | Posted June 03, 2026

Job Description

Role & responsibilities


  • Develop, review, and maintain cybersecurity policies, standards, procedures, and baselines aligned with NIST, ISO 27001, CIS, and regulatory requirements.
  • Conduct enterprise and project-level cyber risk assessments, including risk identification, scoring, treatment, and tracking.
  • Manage and maintain the cyber risk register, ensuring clear ownership, mitigation plans, and risk acceptance approvals.
  • Support compliance programs for ISO 27001, NIST CSF, SOC 2, and applicable regulatory frameworks.
  • Coordinate and support internal and external audits, including evidence collection, gap analysis, and remediation tracking.
  • Perform third-party and vendor security risk assessments, including questionnaire reviews and risk rating.
  • Define and track GRC-related KPIs and KRIs to measure security governance effectiveness.

Preferred candidate profile
