Cybersecurity Governance, Risk & Compliance (GRC) Specialist
Cybersecurity Governance, Risk & Compliance (GRC) Specialist Position Overview We are seeking a Cybersecurity GRC Specialist to develop, implement, and manage comprehensive governance, risk, and compliance programs aligned with leading cybersecurity frameworks including NIST Cybersecurity Framework, ISO 27001/27002, MITRE ATT&CK, and CIS Controls to ensure organizational security posture and regulatory compliance. Key Responsibilities Framework Implementation & Management
- Implement and maintain NIST Cybersecurity Framework across organizational functions (Identify, Protect, Detect, Respond, Recover)
- Develop ISO 27001/27002 Information Security Management System (ISMS) and manage certification processes
- Map organizational security controls to CIS Controls and ensure implementation across all critical security functions
- Integrate MITRE ATT&CK framework for threat modeling, risk assessment, and security control validation
- Establish governance structures, policies, and procedures aligned with multiple cybersecurity standards
- Conduct comprehensive cybersecurity risk assessments and business impact analyses
- Develop risk treatment plans including risk acceptance, mitigation, transfer, and avoidance strategies
- Maintain enterprise risk registers and ensure regular risk review and update processes
- Perform gap analyses against security frameworks and develop remediation roadmaps
- Create risk-based metrics and KPIs for executive reporting and board communications
- Manage regulatory compliance programs including SOX, PCI-DSS, HIPAA, GDPR, and industry-specific requirements
- Coordinate internal and external security audits and manage audit finding remediation
- Develop compliance monitoring programs and automated compliance reporting capabilities
- Maintain evidence collection and documentation for compliance demonstrations
- Support vendor risk assessments and third-party security evaluations
- Develop comprehensive cybersecurity policies, standards, and procedures aligned with business objectives
- Establish security governance committees and risk management oversight structures
- Create security awareness training programs and ensure organization-wide policy compliance
- Manage policy lifecycle including review, approval, communication, and periodic updates
- Coordinate cross-functional collaboration for security program implementation
- 5+ years experience in cybersecurity governance, risk management, or compliance roles
- Expert knowledge of NIST Cybersecurity Framework, ISO 27001/27002, CIS Controls, and MITRE ATT&CK
- Strong understanding of regulatory requirements (SOX, PCI-DSS, HIPAA, GDPR) and compliance methodologies
- Experience with GRC platforms (ServiceNow GRC, RSA Archer, MetricStream) and risk management tools
- Knowledge of security control frameworks and security architecture principles
- Proficiency in risk assessment methodologies and quantitative risk analysis techniques
- Proven experience developing and implementing enterprise security governance programs
- Strong understanding of business continuity, disaster recovery, and crisis management
- Experience with vendor risk management and third-party security assessments
- Knowledge of board reporting and executive communication for cybersecurity topics
- Bachelor's degree in Cybersecurity, Risk Management, Business Administration, or related field
- Professional certifications (CISSP, CISA, CRISC, CISM, ISO 27001 Lead Auditor)
- Experience with cloud compliance frameworks (SOC 2, FedRAMP, CSA CCM)
- Background in internal audit or external consulting for cybersecurity assessments
- Knowledge of emerging regulations and privacy frameworks
Emplois Recommandés
EMPLOYÉ DE PHARMACIE (F/H)
EMPLOYÉ DE PHARMACIE (F/H) Révélez votre potentiel en tant qu'Employé de pharmacie (F/H) dans notre officine dynamique ? Rejoignez notre équipe dynamique pour soutenir le bon fonctionnement de notre …
ERP BI Developer Junior
About the job ERP BI Developer Junior Job Description: Location: Fully remote, Central Europe Time Zone Start date: To be defined Languages: English is mandatory The ERP BI Deve…
Major Sales Representative - France
Our Mission At Palo Alto Networks® everything starts and ends with our mission: Being the cybersecurity partner of choice, protecting our digital way of life. We have the vision of a wor…
Recrute équipe dynamique en salle et en cuisine (Paris)
(Offre d'emploi de plus de 6 mois...) Postes recherchés : ~Pâtissier ~Sommelier ~Hotesse ~Commis de salle ~Commis de cuisine ~Chef de rang ~Serveuse, Serveur Bel établissement parisien de f…
ASSISTANT PARFUMEUR (H/F)
Description SCIENTECH INTERIM est une agence de travail temporaire spécialisée dans le domaine de l'industrie et de la santé. Nous vous accompagnons dans vos recherches d'emplois, aussi bien sur d…
Sales Advisor
Sephora is seeking a Sales Advisor in Paris, France, to join its dynamic team. This role involves acting as a brand ambassador, enhancing customer experiences, and driving sales through personalized p…
CDD - JURISTE DROIT PUBLIC DES AFFAIRES - H/F
Poste ouvert aux personnes en situation de handicap.Poste à pourvoir dans le cadre d'un CDD, courant septembre 2025 jusqu'à courant mars 2026 Votre mission principale sera d'appuyer le Groupe sur les…
Expert Citrix
Le besoin Dans le cadre de ses projets clients, Visian est à la recherche d'un ingénieur Citrix senior. Les principaux objectifs de la prestation sont : - Analyse des pratiques de gestion …
H/F - Consultant Comptable et Reportings - secteur Banque
DBA poursuit son développement et renforce son pôle Banque. Vous intégrez un acteur incontournable du conseil pour apporter votre expertise auprès des directions financières du secteur bancaire (Banq…
MONITEUR DE FORMATION SECOURISME
Pour mener à bien ses missions, notre association à but non lucratif compte sur son réseau de 80 000 bénévoles et de salariés, qui agissent chaque jour selon un même principe inaltérable de solidar…