Cybersecurity GRC Specialist
Develop, review, and maintain cybersecurity policies, procedures, and standards.
Conduct risk assessments and third-party/vendor risk reviews.
Ensure compliance with applicable regulatory frameworks (e.g., ISO 27002, NIST, GDPR, PCI-DSS, HIPAA).
Manage the risk register and track mitigation plans for identified security risks.
Support internal and external audits by collecting evidence, addressing findings, and ensuring corrective actions are implemented.
Monitor regulatory and industry changes and ensure updates are reflected in policies and controls.
Assist in developing and delivering security awareness training across the organization.
Collaborate on reports and dashboards covering compliance status, risk levels, and audit outcomes for leadership.
Use GRC tools or platforms to automate, track, and manage compliance and risk workflows.