GRC Lead – IT Risk Management & Compliance
MDAEdge · Cupertino, CA · 1 mo ago
On-siteInformation TechnologyFull-time
Key Responsibilities
- Lead IT Risk Management, Audit, and Compliance efforts.
- Implement ISO 27K controls annexures and strategies.
- Conduct IT security assessments, including audits, vulnerability scanning, and policy reviews.
- Perform third-party security risk assessments based on ISO 27001 and NIST 800-53.
- Review supplier technical documentation and vendor security controls.
- Identify and measure risks associated with vendor security.
- Document and track risks and recommendations for vendor security gaps.
- Cook up vendor security reviews.
- Ensure compliance with cloud-based technologies (IaaS, SaaS) and data protection requirements.
- Assess business and security risks across multiple global geographies and suppliers.
- Perform security audits against published standards.
- Maintain strong customer service and attention to detail.
- Work independently, setting goals and priorities.
Must-Have Skills
- 7+ years of experience in Cyber Security, GRC, and Data Security.
- Strong expertise in ISO 27001 and NIST 800-53 for third-party security risk assessments.
- Experience in identifying and measuring vendor security risks.
- Deep understanding of ISO 27K controls annexures and implementation strategies.
- Strong background in IT Risk Management, Audit, and Compliance.
- Excellent communication skills to work with technical and non-technical teams.