ESSENTIAL FUNCTIONS:

• Define, track, and report Key Risk Indicators (KRIs) and security risk metrics, producing dashboards and management‑level reporting.
• Document and manage risks, controls, and issues using GRC tools such as ServiceNow IRM (good to have), supporting workflow efficiency and audit traceability.
• Experience in identifying, assessing, and monitoring emerging risks, including AI, automation, data privacy, and evolving threat landscapes, and providing risk‑based recommendations to stakeholders.
• Prepare and deliver clear, executive‑ready presentations, and effectively communicate security and risk concepts to both technical and non‑technical stakeholders.
• Develop, review, and maintain information security policies, standards, and procedures, ensuring alignment with regulatory expectations, industry frameworks, and internal risk appetite.
• Experience in managing the Information Security Management System (ISMS) aligned with ISO/IEC 27001, NIST Cybersecurity Framework (CSF), and COBIT, ensuring consistent application of controls and governance practices across the organization.
• Experience in performing information security, technology, and cyber risk assessments, including inherent and residual risk analysis, and evaluating risks associated with new technologies, cloud, and digital initiatives.
• Perform third‑party security risk assessments, review vendor security artifacts (e.g., SOC reports, certifications), and track remediation activities and risk acceptance decisions.
• Support regulatory compliance activities, internal and external audits, and management responses by ensuring risks, controls, and issues are well documented, traceable, and defensible.

• 5 - 8 years of experience in information security, cyber/technology risk, or GRC‑focused roles.
• Hands‑on experience with ISO/IEC 27001, NIST CSF, and COBIT frameworks.
• Experience performing risk assessments, policy and standards development, and third‑party risk management.
• Exposure to regulatory compliance environments and audit support activities.
• Risk reporting, analytics, or KRI development
• Exposure to ServiceNow IRM or similar GRC platforms (good to have)

SKILLS/CHARACTERISTICS:

• Strong understanding of information security, technology risk, and emerging risk domains, including AI‑related risks
• Knowledge of GRC practices, control frameworks, and regulatory expectations
• Experience with GRC tools (e.g., ServiceNow IRM - good to have)
• Excellent analytical, documentation, and reporting skills
• Strong written, verbal, and presentation skills, with the ability to communicate effectively with senior management and cross‑functional teams
• Ability to translate technical security risks into clear business impact
• Individual contributor with strong analytical skills and a data-driven mindset