Key skills
CloudCyber SecuritySaaSLeadershipRisk ManagementCommunication
About this role
Role Overview
- Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
- Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
- Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.
- Collaborate with Security Architecture and Engineering to validate whether exceptions meet security and compliance expectations.
- Track, review, and periodically reassess approved exceptions to prevent long-term risk accumulation.
- Partner with Procurement, Legal, and Application Security teams to assess vendor risk posture and define remediation or contractual security requirements
- Design scalable workflows for:Risk assessments, Vendor reviews, Evidence management,Control testing and reporting
- Deliver targeted GRC and security awareness training, including guidance on risk ownership, exception handling, and vendor security responsibilities.
- Prepare risk, compliance, and third-party security posture reports for senior leadership.
- Translate technical risks into business-impact language to support informed decision-making.
- Perform business impact analysis and facilitate BCDR table top tests
Requirements
- Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field.
- 4.5+ years of experience in GRC, risk management, or compliance, with exposure to technical security controls.
- Strong understanding of security frameworks and standards (SOC 2, ISO 27001, NIST).
- Hands-on experience with technical risk assessments, exception management, and third-party security reviews.
- Ability to interpret technical security data (architecture diagrams, cloud controls, access models).
- Strong analytical, documentation, and stakeholder communication skills.
- Preferred Qualifications
- Master’s degree in a relevant field.
- Certifications such as CISA, CRISC, CGEIT, CISSP, or equivalent.
- Experience working with cloud-native or SaaS environments.
- Familiarity with TPRM tooling, GRC automation platforms, and risk engineering workflows.
- Knowledge of data protection and privacy regulations (GDPR, CCPA).
Tech Stack
- Cloud
- Cyber Security