Roles & Responsibilities:
● Discovery & Requirement Phase - Identify existing GRC processes and Policies and develop a Gap Analysis
● Developing and writing information security policies, Including WISP.
● Implementing and overseeing an integrated Governance, Risk, and Compliance (GRC) process involves socializing GRC across DV business stakeholders.
○ Maintaining and writing policies and standards.
○ Reviewing and rewriting procedures for risk management.
○ Integrate information from business and technology processes, security, and compliance audits and investigations into risk management.
○ Incorporate standards, frameworks, and best practices from industry-recognized sources and customer regulation requirements (e.g., GDPR, ISO, NIST, ISACA, WISP, SOC2, CCPA, and MRC, etc.).
● Develop, implement, monitor, and maintain a Vendor Risk Management program.
● Maintain, review, and update the ERM program and risk/vulnerability database regularly.
● Must have an experience with ISO 27001 and SOC2.
● Bachelor's degree in computer science or related discipline preferred.