Lead risk assessments and manage third-party/vendor risk, maintaining compliance with frameworks like ISO 27001, NIST, SOC 2, and GDPR
Job Summary
Lead risk assessments and manage third-party/vendor risk, maintaining compliance with frameworks like ISO 27001, NIST, SOC 2, and GDPR.
Develop and update security policies, standards, and procedures, while providing compliance training and promoting a culture of risk awareness.
Build reports and dashboards to communicate compliance and risk status to leadership, contributing to the improvement of governance and compliance maturity.
Skills & Requirements
Must-have
Lead risk assessments
Maintain compliance with frameworks
Support internal and external audits
Develop and update security policies
Build reports/dashboards
Nice-to-have
Promote a culture of risk awareness
Collaborative problem-solving
Communicate complex ideas clearly
Key Requirements
5-7+ years in GRC, risk management, or compliance
Senior/lead experience required
Strong knowledge of regulatory frameworks
Experience with GRC tools (Vanta, Drata)
Certifications (CGRC, CISSP, CISM, CRISC, CISA) are a plus