Job Description

Jr. GRC Engineer

26-12-2025 16:42:18

Job_303506

2 - 4 years

  • Chennai, Tamil Nadu, India (CHN)

Key Responsibilities:

  • Develop, implement and maintain GRC frameworks aligned with ISO 27001, NIST, GDPR, HIPAA, PCI DSS, SOC 2 and SOX standards.
  • Conduct comprehensive risk assessments, identify vulnerabilities and develop prioritized mitigation strategies.
  • Maintain and update risk registers, delivering actionable risk posture reports to leadership.
  • Ensure compliance with regulatory standards through gap analyses, remediation plans and ongoing monitoring.
  • Lead incident investigations, document root causes and implement corrective actions to prevent recurrence.
  • Design, deliver and assess training programs to foster compliance and security awareness organization-wide.
  • Prepare and maintain accurate compliance reports, policies and documentation for internal and external stakeholders.
  • Develop, review and update GRC policies and procedures to reflect regulatory and industry changes.
  • Plan and execute internal audits to assess compliance with ISO 27001, NIST, GDPR, HIPAA, PCI DSS, SOC 2 and SOX standards, focusing on financial and IT controls.
  • Coordinate external audits and ensure timely resolution of findings.
  • Collaborate with IT, finance and business units to integrate GRC requirements into system designs, processes and projects.
  • Monitor emerging regulatory and industry trends to proactively adapt GRC strategies for future readiness.
  • Manage third-party vendor risk assessments, ensuring compliance with organizational and regulatory standards.
  • Implement, configure and optimize GRC tools (e.g., ServiceNow GRC, Archer, OneTrust) to streamline risk, compliance and audit processes.
  • Oversee the integration of GRC tools with existing systems, ensuring seamless data flow and accurate reporting capabilities.
  • Evaluate and recommend new GRC tools or enhancements to improve automation, monitoring and reporting efficiency for compliance and audit processes.
  • Facilitate cross-functional workshops to align GRC initiatives with business objectives and operational needs.
  • Provide guidance and mentorship to junior GRC staff on best practices, standards, tool usage and internal audit processes.
  • Develop metrics and dashboards within GRC tools to track compliance, risk and audit performance.
  • Conduct Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) to ensure compliance with GDPR and other data protection regulations.
  • Conduct regular reviews of GRC tool configurations to ensure alignment with evolving regulatory requirements.
  • Support the development of business continuity and disaster recovery plans, ensuring compliance with relevant standards.
  • Perform internal audits of financial and operational controls to ensure SOX compliance and report findings to management.
  • Collaborate with finance teams to validate SOX control effectiveness and address deficiencies in internal control over financial reporting (ICFR).
  • Assess and monitor data protection controls to ensure compliance with GDPR and HIPAA requirements.
  • Support the implementation of security controls to meet PCI DSS and SOC 2 requirements.