Cyber Security Engineer - Governance, Risk and Compliance (Perm) (ID: 665273)

PERSOLKELLY Singapore Pte Ltd (Formerly Kelly Services Singapore Pte Ltd)
Singapore
SGD 80,000 - 100,000
Job description

The Cyber Security GRC Specialist is responsible for developing, implementing, and maintaining governance, risk, and compliance programs within an organization's cybersecurity framework. The role involves ensuring adherence to regulatory requirements, identifying and mitigating risks, and establishing robust security policies and controls. This individual will collaborate across departments to ensure a secure, compliant, and risk-aware environment.


Responsibilities:
  1. Governance
    • Develop and maintain cybersecurity policies, procedures, and standards in alignment with industry frameworks (e.g., ISO 27001, NIST Cyber Security Framework).
    • Oversee the organization's cybersecurity governance program and ensure alignment with business objectives.
    • Provide guidance and training to stakeholders to ensure compliance with established policies and standards.
  2. Risk Management
    • Identify, assess, and document cybersecurity risks to the organization.
    • Develop and maintain risk registers and implement mitigation strategies.
    • Perform regular security assessments, including vulnerability assessments and third-party risk evaluations.
  3. Compliance
    • Ensure the organization's adherence to relevant regulations, standards, and frameworks (e.g., PDPC).
    • Conduct regular compliance audits and provide recommendations for remediation.
    • Monitor changes in regulatory requirements and ensure timely updates to policies and procedures.
  4. Incident Response and Monitoring
    • Collaborate with incident response teams to establish protocols for managing and reporting cybersecurity incidents.
    • Ensure compliance with legal and regulatory reporting requirements for incidents.
  5. Reporting and Metrics
    • Develop and present reports on cybersecurity compliance, risk posture, and governance metrics to leadership and stakeholders.
    • Track and analyze key performance indicators (KPIs) related to GRC initiatives.
  6. Collaboration and Stakeholder Engagement
    • Work closely with IT, Legal, HR, and other departments to ensure a cohesive approach to cybersecurity.
    • Act as a liaison between technical teams and business units to align cybersecurity practices with organizational goals.

Requirements:

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
  • 3+ years in a cybersecurity or GRC-related role.
  • Good working knowledge of security risk management, security governance frameworks, compliance, vulnerability management, and security incident response.
  • Strong understanding of the ISO 27001 standard and the NIST Cyber Security Framework.
  • Strong background in vulnerability management tools.
  • Knowledge of SIEM and GRC tools.
  • Understanding of Disaster Recovery, Business Continuity, and IT Regulatory Compliance.
  • Proactive, independent, and resourceful; able to work in a team environment and independently with minimal supervision.
  • It will be advantageous to have at least one of these certifications: CGRC (ISC2), CRISC (ISACA).
  • Prior IT security consulting experience will be advantageous.

Interested candidates who wish to apply for the advertised position should click on “Apply”. We regret that only shortlisted candidates will be notified.
