Security Lead - Cyber Assurance & Audits
MITC, Kandivli, IN
Responsibilities & Key Deliverables
We are seeking an experienced Security Lead to lead our Cyber Assurance & Audits initiatives. The ideal candidate will be responsible for developing, implementing, and maintaining security policies, ensuring compliance, and managing risk across the group company. This role requires a strategic thinker with strong expertise in security frameworks, risk assessment, and compliance management.
1. Cyber Assurance:
- Develop, implement, and maintain **information security policies, standards, and procedures** in alignment with industry best practices (e.g., ISO 27001, NIST, DPDPA).
- Establish and oversee the **security governance framework** to ensure accountability and adherence to security policies.
- Conduct **security awareness training** for employees and stakeholders.
- Lead **internal and external security audits**, ensuring compliance with frameworks and contractual obligations.
2. Risk Management:
- Perform **enterprise-wide security risk assessments** and identify vulnerabilities.
- Develop and maintain a **risk register**, tracking mitigation strategies and remediation efforts.
- Work with stakeholders to **prioritize risks** and recommend controls to reduce exposure.
- Monitor emerging threats and ensure proactive risk mitigation strategies are in place.
3. Compliance & Regulatory Oversight:
- Ensure compliance with **data protection laws (GDPR, CCPA, HIPAA, etc.) and industry regulations**.
- Manage **third-party vendor risk assessments** and ensure security requirements are met.
- Prepare and present **compliance reports** to senior management and auditors.
- Stay updated on **evolving cybersecurity laws** and adjust policies accordingly.
4. Security Controls & Incident Response:
- Oversee the implementation of **security controls** to protect organizational assets.
- Collaborate with IT and security teams to ensure **effective incident response and remediation**.
- Conduct **post-incident reviews** and recommend improvements to prevent recurrence.
Experience
- 7+ years in GRC, IT security, or risk management roles.
- Experience with **regulatory compliance (GDPR, HIPAA, PCI-DSS, SOX, etc.)**.
Qualifications
- Bachelor’s or master’s degree in Cybersecurity, Information Technology, Risk Management, or a related field.
- Certifications: CISSP, CISM, CRISC, CISA, ISO 27001 LI/LA, or equivalent preferred.
- Strong knowledge of **security frameworks (ISO 27001, NIST CSF, COBIT, etc.)**.
Skills
- Excellent **analytical, communication, and leadership** skills.
- Ability to **translate technical risks into business terms** for stakeholders.
- Proficiency in **GRC tools (e.g., RSA Archer, MetricStream, OneTrust)** is a plus.