Senior IT GRC Manager

About the Role
The Senior IT GRC Manager will lead a small, dedicated team in the development and implementation of our IT governance, risk, and compliance framework. This role involves navigating complex regulatory requirements, integrating risk management strategies, and ensuring compliance across all IT operations. The individual will be responsible for overseeing audits, identifying vulnerabilities, implementing robust security measures, and driving certifications such as ISO 27001, PCI DSS, and PSrE. In the first six months, the manager will focus on fortifying our risk posture, achieving key certifications, and influencing IT policy reforms, thereby significantly enhancing the organization's resilience against cyber threats.

What You Will Do

• Lead and manage a small team of IT GRC professionals to ensure effective governance, risk management, and compliance across the organization.
• Develop, implement, and maintain IT governance frameworks, risk management strategies, and compliance programs.
• Oversee and coordinate internal and external audits, ensuring timely resolution of findings and recommendations.
• Identify, assess, and mitigate IT risks through continuous monitoring and improvement of security controls and processes.
• Drive and manage certification processes for standards such as ISO 27001, PCI DSS, and PSrE.
• Collaborate with cross-functional teams to integrate GRC initiatives into business processes and IT projects.
• Provide expert advice and guidance on IT GRC matters to senior management and other stakeholders.
• Stay up-to-date with industry trends, regulatory changes, and best practices to ensure the organization remains compliant and resilient against emerging threats.

What You Will Need

• Minimum of 10 years of experience in IT governance, risk management, and compliance.
• Proven track record of successfully leading and achieving certifications such as ISO 27001, PCI DSS, Kominfo PSrE and Webtrust.
• Extensive experience in managing and navigating regulatory audits and ensuring compliance with industry standards.
• Strong leadership skills with the ability to effectively lead a small team and foster a collaborative work environment.
• Excellent stakeholder management skills, with the ability to communicate and influence at all levels of the organization.
• Demonstrated ability to deliver results with limited resources and minimal supervision.
• In-depth knowledge of current IT security trends, regulatory requirements, and best practices.
• Relevant IT GRC or InfoSec certifications such as CISM, CISSP, CRISC, or equivalent.