GRC Team Lead

Petach Tikva, Israel

Cyberark

Get the most complete Identity Security and Access Management Solutions that enable secure access across any device, anywhere, at just the right time.


Company Description

About CyberArk:
CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on Twitter, LinkedIn or Facebook.

Job Description

We are seeking a highly skilled and motivated Governance, Risk, and Compliance (GRC) Team Lead to join our Information Security department. The GRC Team Lead will be responsible for overseeing a team of 4-6 employees, ensuring effective management and execution of various GRC domains. The ideal candidate will possess a strong background in information security, risk management, and compliance, with a proven track record of leadership and team development. This role requires a strategic thinker with excellent communication and organizational skills, capable of driving initiatives that enhance our security posture and ensure compliance with industry standards.

Responsibilities include:

  • Awareness and Training: Develop and implement security awareness and training programs to educate employees on security best practices and policies.
  • Security Compliance Accreditations: Manage and maintain compliance with security standards such as ISO 27001/17/18, SOC 2, PCI DSS, and other relevant frameworks.
  • Supply Chain Security: Oversee the security assessment and management of third-party vendors and suppliers to ensure they meet security requirements.
  • Product Security Compliance: Ensure that products comply with security requirements and standards throughout their lifecycle.
  • Information Security Risk Management: Identify, assess, and manage information security risks across the organization, including risk mitigation strategies.
  • Policies and Procedures Development and Governance: Develop, update, and enforce information security policies, procedures, and standards to align with best practices and regulatory requirements.
  • Privacy Representation: Act as the privacy champion for the IT department, representing the organization on privacy matters and ensuring compliance with privacy regulations.
  • Security Assessments and RFP Support: Support the security assessment process and provide expertise during the RFP process from the security department side.


Qualifications

  • Education: Bachelor’s degree in Information Security, Computer Science, or a related field. Advanced degrees and relevant certifications (CISSP, CISM, CISA, etc.) are highly desirable.
  • Experience: Minimum of 5 years of experience in information security, risk management, or compliance roles, with at least 2 years in a leadership or team management position.
  • Technical Skills: Strong understanding of information security principles, frameworks, and standards (e.g., ISO 27001, SOC 2, PCI DSS). Experience with security risk assessments, compliance audits, and security policy development.
  • Leadership Skills: Proven ability to lead and develop a team, with strong project management and organizational skills.
  • Communication Skills: Excellent written and verbal communication skills, with the ability to articulate complex security concepts to diverse audiences.
  • Problem-Solving Skills: Strong analytical and problem-solving skills, with the ability to think strategically and implement effective solutions.
  • Interpersonal Skills: Ability to collaborate effectively with cross-functional teams and build strong relationships with stakeholders.
  • Privacy Knowledge: Familiarity with privacy regulations (e.g., GDPR, CCPA) and experience in privacy compliance is a plus.
  • Excellent written English skills.
  • Hybrid work arrangement (2 days remote, 3 days in the office).

Tags: Audits CCPA CISA CISM CISSP Cloud Compliance Computer Science Cyberark DevOps GDPR Governance ISO 27001 PCI DSS Privacy Product security RFPs Risk assessment Risk management Security assessment SOC SOC 2

Region: Middle East
Country: Israel
