Cyber GRC Consultant
About the Role:
We are seeking a motivated Cyber GRC Consultant to join our growing security team. This role supports alignment of the security program with legal, regulatory, and business requirements. Reporting to the Deputy Chief Information Security Officer and working closely with internal stakeholders, the consultant supports the development, implementation, and maintenance of our cybersecurity governance, risk management, and compliance programs.
Key Responsibilities:
· Develop and maintain cybersecurity policies, standards, and procedures to align with industry best practices and regulatory, legal, and business requirements.
· Conduct security risk assessments of critical applications & third-party vendors.
· Partner with stakeholders to prioritize and implement risk mitigation strategies.
· Continuously evaluate and enhance cybersecurity GRC processes to adapt to changing threats, technologies, and business needs.
· Support internal audits and control testing activities to monitor compliance with cybersecurity frameworks and regulations (e.g., NIST CSF, PCI DSS, GDPR, CCPA).
· Maintain accurate records of the risk register, compliance activities, and evidence for audits and regulatory inquiries.
· Support security awareness initiatives and training activities across the organization.
· Maintain GRC dashboards and reporting.
· Support the management of the Security Champions program.
· Stay informed of emerging cybersecurity regulations, risks, and industry best practices.
· Support other security activities as required.
Qualifications:
· Bachelor’s degree in Cybersecurity, Information Technology, Business, Communications, or equivalent practical experience.
· 5+ years of experience in cyber risk management, auditing, or compliance.
· Experience with GRC and security program platforms (e.g., KnowBe4, ServiceNow, Vanta).
· Strong written and verbal communication skills, with the ability to simplify and present complex cybersecurity topics to diverse audiences.
· Analytical thinking and research abilities to support risk assessments, audits, and compliance initiatives.
· High attention to detail, accuracy, and organization in documentation and reporting.
· Ability to work collaboratively across technical and non-technical teams.
· Demonstrated ethical judgment and critical thinking in decision-making processes.
Preferred:
· Experience with cybersecurity frameworks and regulations such as NIST CSF, ISO 27001, PCI DSS, SOC 2 Type 2, or GDPR.
· Demonstrated breadth and depth of expertise across core cybersecurity domains, including risk management, incident response, governance, secure software development, vulnerability management, and security operations.
· Ability to analyze data to derive risk insights.
· A proactive and strategic mindset, focused on identifying potential risks and developing innovative solutions to ensure ongoing compliance and mitigate potential issues.