Job Description
The Information Security GRC Manager will be responsible for overseeing and managing the governance, risk, and compliance functions within client organizations. This individual will play a key role in ensuring the company's information security practices adhere to legal, regulatory, and industry standards while helping senior leadership mitigate risks and improve overall security posture. The role will involve working closely with senior stakeholders, advising them on risk-related issues, and implementing strategies that align with business goals and regulatory requirements.
Governance & Risk Management:
* Lead and oversee the organization's information security governance framework, ensuring compliance with relevant standards such as ISO 27001, NIST, and GDPR.
* Identify, assess, and monitor security risks and ensure proper risk management strategies are implemented.
* Develop and maintain risk registers and facilitate risk assessments across the organization.
* Advise senior stakeholders (C-suite, department heads) on the potential impact of security risks and recommend appropriate mitigation strategies.
Compliance Management:
1. Manage the organization's compliance with legal, regulatory, and contractual obligations related to information security (e.g., GDPR, CCPA, HIPAA, SOX).
2. Ensure that appropriate internal controls, audits,...