JOB PURPOSE / OBJECTIVE

Develop and implement business applications, systems, and procedures within recognized fields of Information Technology (IT) endeavors as detailed.

KEY ACCOUNTABILITIES

• Enhance or develop cybersecurity GRC framework, policies, and procedures.

• Implement, maintain, and support cybersecurity GRC policies, and procedures.

• Work with cross-functional teams to assess security vulnerabilities and process deficiencies to develop effective mitigation strategies, also track and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance.

• Develop and maintain regular cybersecurity awareness training to ensure all staff members are knowledgeable with the organization’s cybersecurity policies, procedures, and standards. • Improve security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.

• Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts.

• Develop and work on risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities following the compliance.

• Consolidate Data analysis of important GRC risk information, including the cyber risk register, policy exceptions, audit findings and data security reviews.

• Lead and manage Comprehensive Risk assessment and Risk action plans.

• Lead and manage NCA and other regulatory compliance requirements.

• Develop and mentor the GRC team members.

• Develop and manage project proposals, resources, and plans.

• Perform any other related duties as required or assigned.

QUALIFICATIONS & EXPERIENCE

Education

• Bachelor of Science (BS) OR bachelor’s degree in computer science, Management Information Technology (MIS), Engineering, Physical Sciences or equivalent.

Professional Qualifications (Certifications & Accreditations)

• IT Industry Accredited and related certificate e.g., ITIL, CCSP, CEH, CISA, CISM.

Competencies (Knowledge, Skills & Abilities)

• Proficient with Information security and GRC systems, applications, and tools

• Proficient with frameworks and standards associated with Information security/GRC such as ISO 27001, NIST, ISO 38500, COBIT 5

• Familiar with frameworks and standards associated with IT like ITIL, ISC 20000 etc.

Experience

• At least 9-15 years in Information security and GRC.

Languages

• Thoroughly proficient in both verbal and written English

WORKING RELATIONS

Internal Interactions

• Frequent contact with Senior Analysts for direction and guidance, and with customers for review and evaluation of application requirements.

External Interactions

• Frequent contact with vendors for product information, and Information Technology (IT) project status.