GRC Lead

Project description

Establish and govern an enterprise-wide security framework across Network, EUC, Infra, cloud, AI, products, and business operations.

Responsibilities

  • Ownership of security governance across cloud, AI usage, products, and enterprise platforms
  • End-to-end risk management, policy, standards, and exception handling
  • Readiness and management of ISO 27001, ISO 42001, SOC 1 or SOC 2, NIST, DORA, client audits, and regulatory requirements
  • Consistent decision-making on risk acceptance and control effectiveness
  • Strong linkage between security governance and business objectives
  • Own and operate cyber and information security risk management
  • Identify, assess, prioritize, and track information security and cyber risks
  • Manage information and cyber risk registers, treatment plans, and risk acceptance
  • Support management in risk-based decision-making and control effectiveness reviews

Skills

Must have

  • 8+ years of experience in Information Security, Cyber Risk, or GRC roles
  • Professional certifications: CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor, ISO 42001
  • Strong hands-on experience with Information Security Governance, Risk, and Compliance
  • Proven experience leading enterprise-scale GRC programs
  • Deep working knowledge of:
      ◦ ISO 27001 / NIST / SOC 2 / PCI DSS
      ◦ Cyber and information risk assessment methodologies
      ◦ Audit and assurance processes
      ◦ Regulatory compliance and control mapping
  • Demonstrated experience implementing or managing GRC tools
  • Strong analytical, documentation, and reporting skills
  • Ability to influence and communicate effectively with senior stakeholders

Nice to have

N/A