Security GRC Manager managing audits and compliance programs at Salesforce. Overseeing cloud security compliance and collaborating across departments for risk management.
Responsibilities
Manage and improve internal control environments, ensuring continuous alignment with applicable regulations and industry best practices.
Act as a senior liaison for external auditors, assessors, and internal stakeholders during audits and assessments.
Oversee the implementation and monitoring of corrective actions and risk mitigation efforts.
Develop and maintain compliance documentation, policies, and procedures.
Provide compliance training and awareness to relevant business units.
Track compliance metrics, drive remediation efforts, and communicate risks and progress to senior leadership.
Requirements
6–8 years of relevant experience in information security compliance, risk management, or audit.
Deep knowledge of security standards and regulatory frameworks (e.g., ISO 27001, SOC 2, HIPAA, PCI, ISMAP, IRAP).
Experience managing compliance audits and interacting with external assessors or regulators.
Strong understanding of IT and security controls, particularly in cloud environments.
Good communication and stakeholder management skills.
Ability to translate regulatory requirements into actionable technical and process-oriented controls.
Relevant certifications (e.g., CISA, CISSP, CRISC, ISO Lead Auditor) are nice to have.
Prior experience working with GRC tools and automation platforms is nice to have.
Strategic mindset with the technical ability to translate compliance goals into engineering solutions is nice to have.
Passion for global compliance and finding the path of least resistance to get there is nice to have.
Ability to operate autonomously and drive innovation in regulated environments is nice to have.
Strong solutioning mindset, with the ability to break down complex problems into simple solutions communicated clearly and concisely, is nice to have.
Senior Cybersecurity GRC Specialist shaping Orion Pharma's cybersecurity governance, risk management, and compliance. Engaging with teams to enhance security posture and meet regulatory standards.
Product Security expert ensuring secure software development at NETGEAR. Championing security practices and monitoring vulnerabilities while collaborating with development teams.
System Architect driving secure cloud-native applications using cutting-edge technologies for Product Security at Nokia. Leading AI-driven design and architecture with collaboration across global teams.
Cyber Security Engineer protecting data from threats in a fintech startup. Collaborating with the Information Security Team and implementing security controls for technical projects.
Junior Security Incident Responder in an innovative IT service company protecting clients against cyber threats. Collaborating with teams to enhance IT security and respond to incidents.
Security Incident Responder managing IT security incidents in the Security Operations Center, analyzing threats and coordinating responses effectively for clients' safety.
Senior Security Engineer developing and enhancing security infrastructure for Bank Frick, a pioneer in blockchain banking. Responsible for managing security processes and collaborating with IT teams.
Working Student in Cyber Security at Wavestone, supporting IT consulting and development in the field of cyber security. Analyzing trends and actively participating in team activities.
Project Manager for Security Technology managing complex security projects in the MENA region. Involving internal teams and external integrators to ensure project success and client satisfaction.
Cyber Security Manager at British American Tobacco strengthening cyber resilience across Western Europe. Responsible for managing security initiatives and collaborating with regional teams.