Sr. Consultant, Info Security, Governance, Risk and Compliance

Job Purpose and Impact

• The Senior Professional, Governance, Risk & Compliance job leads the quantification of enterprise risk appetite and tolerance, the development of security policies and the maintenance of a comprehensive cyber risk register to safeguard the organization. With minimal supervision, this job ensures compliance with regulatory requirements and makes proposals to improve the organization's risk management framework in support of overall strategic objectives.

• ENTERPRISE RISK APPETITE & TOLERANCE: Conducts complex risk assessments to identify new vulnerabilities and threats that might harm the company's strategic objectives, aligned with the organization's risk appetite.
• SECURITY POLICIES & STANDARDS: Leads the establishment and improvement of fit for purpose security policies and standards to mitigate risks effectively and efficiently.
• CYBER RISK REGISTER: Reviews and oversees the cyber risk register, quantifying risk implications and ensuring accurate scoring of identified risks.
• COMPLIANCE TESTING: Leads the conduct of compliance testing, ensuring adherence to internal policies and external regulations.
• PERFORMANCE MONITORING: Leads the data collection, reports preparation and performance results communication to internal cross functional teams and external partners.
• COMPANY LEVEL METRICS & PROGRESS ON RISK MANAGEMENT GOALS: Prepares and communicates metrics related to risk management progress, ensuring clarity and accountability across the organization.

• Minimum requirement of 5 years of relevant work experience. Typically reflects 6 years or more of relevant experience.
• Minimum of 4 years of Cybersecurity policy and governance experience.
• 5+ years of experience of relevant experience policies, standards and Cybersecurity guidelines in the total work experience.
• Experience developing and implementing cybersecurity policies and procedures.
• Exceptional written and verbal communication skills, and proven ability to translate security risks to all levels of business.
• Working knowledge of common technical controls across security domains (e.g., logical access, configuration management, security operations, etc.) and technologies.