Must have: Certifications: CMMC, CCP, CCA, LCCA (All 4 are required)
Job Summary:
In this role, you will be a strategic advisor focusing on GRC platform implementation, developing and managing Cyber Security and AI Governance Frameworks, navigating the cyber regulatory landscape. You will be at the forefront of defining how organizations can securely and ethically adopt next-generation technologies.
Responsibilities:
• Advise clients on the design, development, and implementation of robust cybersecurity governance frameworks, policies, standards, and procedures, ensuring alignment with their business objectives and industry best practices (e.g., NIST, ISO 27001, CIS).
• Guide clients in establishing and maturing their cyber risk management programs, covering risk identification, assessment, quantification, and the development of effective treatment strategies.
• Lead and support clients in the selection, implementation, and optimization of GRC platforms (e.g., ServiceNow GRC, Archer) to streamline control testing, policy management, and risk reporting automation.
• Partner with clients to develop and integrate governance frameworks for AI/ML systems, addressing emerging risks like model bias, data poisoning, and adversarial attacks, in accordance with frameworks such as the NIST AI Risk Management Framework.
• Perform comprehensive security, risk, and compliance assessments for clients, identifying vulnerabilities, compliance gaps, and proposing strategic, actionable remediation plans.
• Advise and assist clients in establishing and enhancing their Third-Party Risk Management (TPRM) programs, encompassing vendor due diligence, risk assessment, and continuous monitoring throughout the lifecycle.
• Serve as a subject matter expert, providing advisory and strategic guidance to clients on all aspects of GRC, data privacy, and complex regulatory compliance matters (e.g., GDPR, CCPA, HIPAA, DORA).
• Continuously monitor and analyze the evolving cyber threat landscape, regulatory changes, and AI security trends to provide proactive and informed strategic recommendations to clients.
• Collaborate effectively with client legal, IT, and business units to ensure that robust security and compliance requirements are seamlessly integrated into their organizational processes and broader strategic initiatives.
Qualifications we seek in you:
• 8+ years of experience in Cyber Security GRC, Information Security Risk Management, Data Privacy, and Technology Audit.
• Proven experience implementing or managing enterprise GRC platforms.
• Expertise in developing and implementing risk management frameworks and conducting Cyber Security Risk Assessments, Threat Modelling, and control testing.
• Strong knowledge of AI governance and security, including experience assessing risks in AI/ML models and data pipelines and familiarity with frameworks like the NIST AI Risk Management Framework and OWASP Top 10 for LLMs.
• Demonstrated experience in designing and implementing data privacy programs and managing compliance with major regulations (GDPR, CCPA, etc.).
• Authored and managed the lifecycle of information security policies, standards, and procedures.
• Experience in developing and maturing Third-Party Risk Management (TPRM) programs and platforms.
• Understanding of cloud security governance and compliance management principles (e.g., Cloud Security Posture Management - CSPM).
• Excellent analytical, strategic thinking, and problem-solving skills.
• Superior communication and presentation skills, with the ability to influence senior leadership and articulate complex risk concepts to diverse audiences.
Certifications: CMMC, CCP, CCA, LCCA.
