Job Description

• Develop, implement, and maintain GRC frameworks, policies, and procedures.
• Manage ISO 27001/ISO27017/ISO27018 compliance by conducting gap analyses, maintaining ISMS documentation, and coordinating audits to ensure ongoing certification.
• Respond to customer due diligence requests and support the review of security and compliance clauses in customer and vendor contracts, 
• Conduct third-party risk assessments and identify potential security threats and vulnerabilities.
• Manage and maintain the GRC platform to ensure accurate compliance monitoring, documentation, and audit support
• Collaborate with cross-functional teams to integrate GRC initiatives into business processes.
• Provide guidance and support to internal stakeholders on GRC-related matters.
• Stay up to date with industry trends and emerging threats to continuously improve the GRC program. 

• Minimum of 3 years of experience in GRC, and information security.
• Strong knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001).
• Experience in responding to customer due diligence requests.
• Experience in conducting security audits such as SOC 2 and ISO 27000 family.
• Experienced with leading GRC platforms, covering third-party risk management, audit management, and security awareness programs.
• Excellent analytical, attention to detail, problem-solving, and communication skills.
• We are looking for a passionate candidate who can work independently and collaboratively as part of a team in a fast-paced environment.
• Relevant certifications such as CISSP, CISM, or CRISC are preferred. 

• Highly advantageous experience with:  
• ISO 42001 compliance, including implementation, documentation, and audit coordination. 
• Payment Card Industry (PCI) standards. 
• Business Continuity Management. 
• Developing GRC platform automations, integrations, and workflows.