Cyber Governance, Risk & Compliance (GRC) Principal Consultant
Key Responsibilities and Key Performance Indicators
• Maintain/Develop cybersecurity policies, standards, and frameworks.
• Ensure alignment with industry standards (e.g., CSA Cyber Trust Mark, ISO 27001, NIST, CIS, SOC
• Collaborate with business units to integrate security governance into business processes.
• Identify, assess, and mitigate cybersecurity risks across the organization.
• Conduct risk assessments and audits to evaluate vulnerabilities.
• Work with technical teams to implement security controls and risk mitigation strategies.
• Monitor emerging threats and recommend proactive security measures.
• Ensure compliance with relevant regulations (e.g., GDPR, PDPA, HIPAA, SOX).
• Lead internal and external cybersecurity audits and assessments.
• Maintain compliance documentation and evidence for regulatory bodies.
• Coordinate with legal and compliance teams to manage cybersecurity-related legal risks.
Educational Qualification
Preferred Experience:
• 5+ years in cybersecurity, governance, risk, and compliance roles.
• Experience in highly regulated industries such as finance, healthcare, or government.
• Familiarity with security tools (GRC platforms, SIEMs, vulnerability scanners).