Senior Cybersecurity GRC Lead

About The Position

Requirements

• Knowledge of cybersecurity frameworks, standards, and regulations (e.g., NIS2, ISO 27001, GDPR).
• Proven experience in cybersecurity GRC, risk management, compliance, ISO implementation and audits.
• Ability to work collaboratively and lead initiatives related to cybersecurity governance, risk management, compliance, and ISO standards.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Strong problem-solving and analytical skills.
• Fluency in English.

Nice To Haves

• Professional certifications is a plus.
• Experience in consulting industry and professional certifications are a plus.

Responsibilities

• Lead cyber risk assessments and control reviews, identifying gaps and driving remediation through to closure.
• Act as a bridge between GRC and technical teams, confidently challenging and validating control design and implementation.
• Own and maintain the Internal Control Framework, ensuring it remains relevant and up to date, and act as the focal point for internal controls within Digital Technologies, including coordination with external auditors.
• Drive the implementation of new controls to ensure compliance with regulations the company is subject to.
• Contribute to enhancing security policies and standards aligned to ISO 27001 and NIST.
• Partner with Digital Technology, Enterprise Risk Management, Legal & Compliance, and Internal Audit to embed security into business processes and decision-making.