Governance, Risk, Compliance, and Assurance (GRCA) Lead/Manager
Minimum Qualifications & Experience: Bachelors degree in Information Security, Business Administration, or related field (Masters or MBA preferred). 8 years of experience in cybersecurity governance, risk, or compliance roles, with at least 3 years in a leadership/manager role. In-depth knowledge of frameworks (NIST CSF, ISO 27001, COBIT) and regulatory standards (SOX, GDPR, etc.). Experience with risk assessment methodologies and GRC platforms/tools. Familiarity with OT regulatory and compliance requirements (e.g., mining, critical infrastructure). Relevant certifications (e.g., CRISC, CISM, CGEIT) are strongly preferred. Key Responsibilities: Develop, implement, and maintain security policies, standards, and procedures. Identify, assess, and prioritize security risks; propose remediation strategies to management. Lead internal/external security audits and regulatory compliance efforts (ISO 27001, SOX, GDPR, industry-specific regulations). Collaborate with cross-functional teams (Legal, HR, Operations, Finance) to ensure enterprise-wide compliance. Monitor emerging regulatory and industry requirements, adjusting compliance frameworks as necessary. Conduct regular reviews of risk registers, ensuring continuous improvement in risk management processes. Provide periodic assurance reports to senior leadership and the board. Build and conduct a robust supply-chain and third-party risk management capability.