RequirementsKey Responsibilities:
Governance:
- Develop, implement, and maintain cybersecurity governance frameworks in alignment with industry standards (e.g., ISO 27001, NIST, COBIT).
- Define and enforce cybersecurity policies, standards, and guidelines.
- Monitor adherence to governance structures, ensuring consistency across all business units.
- Provide expert-level support for escalated governance-related issues and inquiries.
- Conduct detailed risk assessments and develop mitigation strategies for identified vulnerabilities and threats.
- Oversee third-party risk assessments to ensure vendor compliance with security policies.
- Implement tools and methodologies to monitor, measure, and report risk metrics (KRIs).
- Collaborate with stakeholders to prioritize and remediate high-risk areas effectively.
- Lead initiatives to ensure compliance with applicable regulations (e.g., GDPR, CCPA, PCI DSS, HIPAA).
- Manage audits and certifications, acting as a liaison between external auditors and internal teams.
- Maintain evidence repositories for audit readiness and ensure timely responses to compliance inquiries.
- Monitor changes in regulatory landscapes and update internal practices accordingly.
- Act as an escalation point for GRC-related incidents, providing advanced analysis and remediation plans.
- Support investigations into non-compliance incidents and implement corrective actions.
- Develop and maintain playbooks for GRC-related incident responses.
- Generate detailed reports on governance, risk, and compliance metrics for senior leadership.
- Communicate findings and recommendations from risk assessments and audits to stakeholders.
- Provide regular updates on the status of GRC programs and initiatives.
- Identify gaps and recommend enhancements to GRC frameworks, tools, and processes.
- Stay updated on emerging GRC technologies, methodologies, and industry trends.
- Mentor and train junior analysts on GRC best practices and tools.
Technical Skills:
- Advanced knowledge of GRC frameworks and tools (e.g., Archer, ServiceNow GRC, MetricStream).
- Expertise in risk assessment methodologies, such as FAIR (Factor Analysis of Information Risk).
- Familiarity with regulatory compliance requirements (e.g., GDPR, SOX, HIPAA, PCI DSS).
- Experience with audit and certification processes for standards like ISO 27001 or SOC 2.
- Proficiency in security and compliance monitoring tools (e.g., Nessus, Qualys, Tenable).
- 5+ years of experience in cybersecurity with a focus on GRC roles.
- Proven track record in leading risk assessments, compliance initiatives, and governance projects.
- Experience in managing enterprise-wide GRC programs across multiple business units.
- Strong analytical skills to interpret risk and compliance data.
- Excellent communication skills for collaboration with technical and non-technical stakeholders.
- Detail-oriented and organized, capable of managing multiple projects simultaneously.
- Certifications: CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or equivalent.
- Familiarity with privacy laws and frameworks (e.g., CCPA, GDPR).
- Experience with cloud security compliance frameworks (e.g., CSA STAR).
Skills Required
- 5+ years of experience in cybersecurity with a focus on GRC roles.
- Advanced knowledge of GRC frameworks and tools.
- Expertise in risk assessment methodologies such as FAIR.
- Familiarity with regulatory compliance requirements.
- Proficiency in security and compliance monitoring tools.
What We Do
Blue Pearl is a market-leading CLOUD Solutions developer with extensive knowledge and insight into the latest technologies, standardised processes, advanced technical capabilities and consulting processes available, ensuring wholistic success for our clientele. We offer professional consulting to compliment your business strategy and overall management and make it our priority to add value to any business by listening, analysing and creating a conducive solution that will empower our client. We implement a Data Analysis Process that includes inspecting, cleansing, transforming, and modelling data with the end-goal of discovering useful information, informing conclusions, and relevant information to support your decision-making. Your business cannot afford not to engage with us, allowing our data analysis to play a role in making your business decisions more scientific and helping your business achieve effective operation. Blue Pearl’s team of experts include BI strategists, BI analysts, Data Warehouse Architects, Data Scientists, Implementation and Development experts. With the use of BI, Analytics and Big Data, we effectively partner with our customers on their mission to achieve a competitive business advantage and real ROI from the structured information we collect.
