Cyber Security GRC Manager

Derayah Financial - Saudi Arabia - Riyadh
Department: Cyber security
Job title: Cyber security GRC manager
Reports to: Head of Cybersecurity
Job purpose/Summary:
The Cyber Security Governance, Risk, and Compliance (GRC) Manager will be responsible for overseeing and enhancing the organization's cyber security posture by leading GRC initiatives. This role requires a strategic approach to ensure compliance with regulations, implementation of effective risk management practices, and development of robust governance frameworks. Additionally, the incumbent will drive cybersecurity awareness programs to promote a security-oriented culture among employees.
Duties and responsibilities
Develop and implement a comprehensive cyber security GRC strategy to ensure alignment with organizational objectives and regulatory requirements.
Establish and maintain effective governance frameworks, policies, and procedures to mitigate cyber security risks and ensure compliance with industry standards and regulations (e.g., NCA, SDAIA, ISO 27001, NIST, etc.).
Ensure that a compliance program covering applicable regulatory standards is carried out, and ensure on-time reporting.
Conduct regular risk assessments, vulnerability assessments, and gap analyses to identify and address potential security weaknesses and compliance issues.
Collaborate with cross-functional teams to integrate security considerations into the organization's business processes and IT systems.
Lead the coordination and response to internal and external audits pertaining to cyber security and compliance requirements.
Monitor and analyze emerging cyber security trends, threats, and vulnerabilities to proactively adjust the organization's security posture.
Oversee the effectiveness of security controls, including access management, data protection, infrastructure security, and network security.
Manage third-party risk assessments and due diligence processes to ensure the security of vendor and partner ecosystems.
Plan and manage the implementation of a GRC system that will ensure stakeholder collaboration and instant reporting of the cyber security index.
Drive cybersecurity awareness and training programs to educate and empower employees to recognize and address security threats and best practices.
Regularly report to senior management on the organization's cyber security posture, compliance status, and areas for improvement.
Develop and deliver cyber security awareness programs designed to educate employees on best practices, policies, and security threats.
Collaborate with internal stakeholders to create engaging and interactive training materials and resources.
Conduct regular assessments to measure the effectiveness of the awareness program and adjust content and delivery methods as needed.
Promote a culture of security consciousness and accountability across the organization through engaging communication and interactive initiatives.
Qualifications
Education: Bachelor's degree in Information Technology or Computer Engineering.
Skills and abilities: Collaboration, Strong fundamental skills, Critical thinking, and Communications skills.
Experience: +5 years
Specialized knowledge: Auditing, Compliance, Risk Assessment, Regulatory Standards and Technical knowledge of Networks, Infrastructure and systems
Professional Certification: ISO27***, GCCC, SABSA, CISA, CISM, CIA
Published: 19 Dhu al-Qi'dah 1445 - 26 May 2024
Publisher: The Big Job Site