eTeam
Key Responsibilities:
Risk Assessment & Management
Identify and evaluate cybersecurity risks across enterprise systems, networks, and third-party services.
Develop and maintain risk registers and conduct periodic risk reviews.
Collaborate with IT and business units to implement risk mitigation strategies.
Compliance & Regulatory Oversight
Ensure adherence to regulatory frameworks (e.g., GDPR, HIPAA, SOX, PCI DSS, ISO 27001, NIST).
Support audit readiness and manage internal and external cybersecurity audits.
Maintain policies, standards, and procedures aligned with compliance requirements.
Governance, Risk, and Compliance (GRC) Operations
Operate and maintain GRC tools and platforms.
Track compliance metrics and produce regular risk and compliance reports for leadership.
Support enterprise-wide initiatives for security awareness and training.
Policy Development & Implementation
Draft, review, and update security policies and procedures.
Ensure alignment between corporate strategy and cybersecurity policies.
Third-Party Risk Management
Assess the security posture of vendors and partners through risk assessments and due diligence.
Recommend controls or contractual requirements to mitigate third-party risk.
Qualifications:
Bachelor's degree in Information Security, Information Systems, Computer Science, or a related field.
3-7+ years of experience in cybersecurity, IT risk, or compliance roles (depending on level).
Knowledge of major cybersecurity standards and frameworks (e.g., ISO/IEC 27001, NIST CSF, CIS Controls).
Familiarity with data privacy laws (e.g., GDPR, CCPA).
Experience using GRC platforms (e.g., Archer, ServiceNow GRC, MetricStream).
Certifications such as CISA, CISM, CRISC, CISSP, or ISO 27001 Lead Implementer/Auditor are a plus.