Job Description

Lead GRC Engineer

01-04-2026 09:38:24

Job_303944

8 - 12 years

  • Chennai, Tamil Nadu, India (CHN)

We are seeking a highly motivated and experienced Governance, Risk, and Compliance (GRC) Lead to spearhead the development, implementation, and continuous improvement of our GRC framework. The GRC Lead will be responsible for ensuring the organization's operations adhere to internal policies, regulatory requirements, and industry best practices. This role requires a deep understanding of information security principles, enterprise risk management, and the ability to drive change across technical and business teams.

Key Responsibilities:

  • GRC Framework Management: Develop, maintain, and mature the organization's GRC framework, including risk assessment methodologies, control standards, and compliance programs.
  • Risk Management: Lead annual and ad-hoc security and technology risk assessments, identify potential threats, evaluate inherent and residual risk levels, and track remediation efforts to closure.
  • Policy & Standards: Design, draft, publish, and enforce information security policies, standards, and procedures in alignment with organizational goals and external requirements.
  • Regulatory Compliance: Oversee compliance efforts for key industry regulations and frameworks (e.g., ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, or SOX), ensuring controls are correctly implemented and tested.
  • Audit Coordination: Serve as the primary liaison for internal and external auditors, manage audit evidence collection, and coordinate responses to audit findings and control deficiencies.
  • Reporting & Communication: Develop and present GRC status reports, risk dashboards, and compliance metrics to senior leadership and relevant stakeholders.
  • Training & Awareness: Collaborate with teams to promote a culture of security awareness and compliance through targeted training programs.

Required Qualifications:

  • Experience: 8–12 years of progressive professional experience in Governance, Risk, and Compliance (GRC), Information Security, IT Audit, or a related field.
  • Technical Foundation: Strong working knowledge of IT infrastructure, security architecture, and cloud computing environments (e.g., AWS, Azure, GCP).
  • Framework Expertise: Demonstrated experience implementing and managing security and control frameworks (e.g., NIST, COBIT, CIS Critical Security Controls).
  • Communication: Exceptional written and verbal communication skills, with the ability to translate complex technical and regulatory language into clear business risks and requirements.
  • Education: Bachelor's or Master's degree in Information Technology, Computer Science, Business Administration, or a related field.

Preferred Qualifications:

  • Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA).
  • Experience with GRC tools and platforms (e.g., ServiceNow GRC, LogicManager, Archer).
  • Experience managing GRC programs in a fast-paced, high-growth, or global technology environment.