About this Cyber Governance, Risk and Compliance Specialist role at VBP
Overview of the Role
The Cyber Governance, Risk and Compliance (GRC) Specialist supports the organization's information security governance by managing security risks, maintaining the Information Security Management System (ISMS), managing & developing the Cyber awareness program, and ensuring compliance with applicable policies, standards, and regulatory requirements. The role also coordinates risk assessments, audits, governance reporting, and continuous improvement initiatives to strengthen the organization's overall security posture.
Responsibilities:
- Support the implementation, maintenance, and continual improvement of the organization's Information Security Management System (ISMS).
- Develop, review, and maintain information security policies, standards, procedures, and related governance documentation.
- Conduct information security risk assessments, develop & maintain the Information Security Risk Register, and monitor the implementation of risk treatment plans.
- Coordinate internal and external information security audits, track audit findings, and ensure timely remediation of identified issues.
- Conduct information security due diligence and risk assessments for third-party vendors, suppliers, and service providers.
- Prepare and present governance reports, risk metrics, compliance dashboards, and management reports for executive leadership and governance committees.
- Monitor emerging cybersecurity risks, regulatory changes, and industry best practices, and recommend improvements to governance, risk management, and compliance processes.
Requirements
- Minimum 5 years' experience in Information Security GRC, IT Risk, Information Security, IT Audit, or a related field.
- Bachelor's degree in Information Security, Computer Science, Information Systems, Risk Management, or a related field. Relevant professional certifications such as CISSP, CISM, CRISC, ISO/IEC 27001 Lead Implementer or Lead Auditor, CISA, CGRC, or equivalent are highly desirable.
- Demonstrated experience in developing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), preferably aligned with ISO/IEC 27001.
- Knowledge of security governance frameworks and standards such as ISO/IEC 27001, ISO 31000, NIST Cybersecurity Framework (CSF), CIS Controls, and applicable data protection and privacy regulations.
- Experience conducting information security risk assessments, facilitating risk treatment plans, and monitoring risk mitigation activities across the organization.
- Working knowledge of cybersecurity technologies, security operations, and incident management sufficient to assess risks, review reports, and provide governance oversight.
- Strong written and verbal communication skills, including the ability to prepare governance reports, policies, executive briefings, and presentations for senior management and governance committees.
- High level of integrity, professionalism, and commitment to confidentiality and ethical conduct.
Benefits
- 500K per incident HMO coverage + Dental & Optical benefits
- 2-week paid Christmas vacation
- Electricity & Data subsidies
- 25K Educational Assistance
- Training and equipment will be provided
- Fixed Schedule of Mon-Fri from 7 AM to 4 PM