Job Description
About the position
The Sr. Director of Cybersecurity Governance, Risk Management, and Compliance (GRC) plays a critical role in ensuring the organization's cybersecurity posture is robust, resilient, and aligned with both internal and external security standards. This senior executive is responsible for developing, implementing, and managing the strategic direction of the company's cybersecurity governance, risk management, and compliance functions. The Sr. Director of Cybersecurity GRC reports to the Chief Information Security Officer (CISO) and works closely with other senior executives to ensure the alignment of cybersecurity initiatives with business goals.
This leader must possess a blend of technical expertise, strategic vision, and strong leadership capabilities to effectively navigate the complex landscape of cybersecurity governance, risk, and compliance. Responsibilities • Provide thought leadership across all Cybersecurity domains, with a keen sense of practical and action-oriented risk management. • Define and execute a comprehensive cybersecurity GRC strategy that aligns with business objectives and legal/regulatory requirements. • Partner with cross-functional teams, including Legal, IT, Audit, and Business Units, to integrate security and compliance requirements into business processes.
• Recruit, mentor, and develop a high-performing team of GRC professionals. • Develop and maintain the cybersecurity governance framework, ensuring it aligns with the organization's overall business objectives. • Create policies, procedures, and guidelines that support the cybersecurity strategy. • Ensure compliance with industry standards, regulations, and best practices. • Supervise the implementation of cybersecurity policies and monitor their effectiveness. • Identify, assess, and prioritize cybersecurity risks facing the organization.
• Develop risk mitigation strategies and allocate resources to address key risk areas. • Collaborate with other departments to integrate risk management practices across the organization. • Monitor and report on the effectiveness of risk management strategies. • Lead the Issue Management process for the organization and highlight appropriate risks through Risk Register at Enterprise Risk Management level. • Ensure adherence to relevant cybersecurity regulations and standards. • Manage internal and external audits related to cybersecurity compliance.
• Develop and maintain documentation to support compliance efforts. • Stay updated with changes in laws and regulations that impact cybersecurity compliance. Requirements • Bachelor's degree or higher in Information Technology, Cybersecurity, Computer Science, or a related field. • Minimum of 10 years of experience in cybersecurity and/or IT Risk, with at least 5 years focus on GRC. • Proven track record in a senior leadership role within a large organization. • Experience in developing and implementing cybersecurity strategies.
• Strong knowledge of relevant regulations and standards, such as GDPR, NIST CSF, and ISO 27001. • Exceptional leadership and management skills. • Strong analytical and problem-solving abilities. • Excellent communication and interpersonal skills. • Ability to work collaboratively across departments and build consensus. • Proficient in cybersecurity technologies and tools. Nice-to-haves • Accountability • Action Planning • Agile Methodology • Coaching • Creativity • Critical Thinking • Data Analysis Management • Design Thinking • Empathy • Growth Mindset • Implementation Methodologies • Infrastructure Design Benefits • Comprehensive suite of benefits that supports physical, financial and emotional wellbeing.
• Programs catered to helping you reach career goals. • Flexibility to manage work and personal needs. • Unconditional inclusion in the workplace. Apply tot his job