Cyber Governance, Risk & Compliance (GRC) Principal Consultant

Role Description:

This role will be working at the customer premise.

• The Governance, Risk, and Compliance (GRC) candidate will be responsible for developing, implementing, and managing the customer GRC requirement.
• The jobs scope involve ensuring compliance with establishing governance processes, assessing risks, and implementing effective risk management practices to protect the organization’s assets, reputation, and stakeholders.
• Work together with customer to develop and maintain the organization’s GRC strategy and framework, ensuring alignment with business objectives and regulatory requirements.
• Lead the establishment and maintenance of governance processes across various departments, ensuring consistency and accountability.
• Collaborate with senior leadership to draft, revise, and communicate governance policies and procedures.
• Identify, assess, and prioritize risks to the organization’s operations, financial health, and reputation.
• Develop and implement risk assessment methodologies and tools to prepare risk reports and dashboards for stakeholders.
• Serve as the point of contact for risk management activities and promote a culture of risk awareness throughout the organization.
• Oversee compliance with applicable laws, regulations, and industry standards.
• Design and oversee compliance programs and training initiatives to ensure that employees understand and adhere to regulatory requirements.
• Coordinate and respond to audits and regulatory examinations, ensuring all compliance issues are addressed promptly.
• Stay current with industry best practices and emerging legislation impacting GRC programs.

Responsibilities:

• Maintain/Develop cybersecurity policies, standards, and frameworks.
• Ensure alignment with industry standards (e.g., CSA Cyber Trust Mark, ISO 27001, NIST, CIS, SOC 2).
• Collaborate with business units to integrate security governance into business processes.
• Identify, assess, and mitigate cybersecurity risks across the organization.
• Conduct risk assessments and audits to evaluate vulnerabilities.
• Work with technical teams to implement security controls and risk mitigation strategies.
• Monitor emerging threats and recommend proactive security measures.
• Ensure compliance with relevant regulations (e.g., GDPR, PDPA, HIPAA, SOX).
• Lead internal and external cybersecurity audits and assessments.
• Maintain compliance documentation and evidence for regulatory bodies.
• Coordinate with legal and compliance teams to manage cybersecurity-related legal risks.

Requirements:

Preferred Experience:

• 5+ years in cybersecurity, governance, risk, and compliance roles.
• Experience in highly regulated industries such as finance, healthcare, or government.
• Familiarity with security tools (GRC platforms, SIEMs, vulnerability scanners).