Information Security Manager

What is the Opportunity? 
Zafin is seeking a Cyber GRC Manager to join our cybersecurity team. The successful candidate will be responsible for developing and maintaining governance, risk, and compliance (GRC) frameworks, conducting cyber risk assessments and audits, and ensuring that the organization adheres to regulatory requirements and industry standards. The Cyber GRC Manager will collaborate with internal teams and clients to mitigate cyber risks and ensure that cybersecurity policies are enforced. The role requires strong knowledge of cyber risk management, compliance practices, and GRC tools.

Job Mandate: 

• Governance, Risk, and Compliance (GRC): Frameworks: Develop and implement governance, risk, and compliance frameworks for cybersecurity. Ensure that frameworks are aligned with industry standards, regulatory requirements, and internal policies. Continuously improve the GRC process to enhance risk management and compliance across the organization.  Be an owner for Trust Center and Cyber GRC controls under the overall controls framework.
• Cyber Risk Assessments and Audits: Conduct comprehensive cyber risk assessments and support internal audits to evaluate security controls, processes, and compliance. Identify gaps in cybersecurity practices and recommend remediation measures. Provide evidence and documentation to internal audit teams and clients for certifications and compliance audits.
• Vendor Risk Assessments: Perform vendor risk assessments, focusing on information security and cybersecurity practices. Provide input to clients and internal teams on vendor risk and ensure that vendors meet cybersecurity requirements.
• Regulatory Compliance Monitoring: Monitor changes in cybersecurity regulations, industry standards, and best practices. Ensure that the organization remains compliant with relevant laws and regulatory requirements. Update policies and procedures to reflect these changes and provide training to relevant stakeholders.
• Cybersecurity Policy Development and Maintenance: Develop, review, and maintain all cybersecurity-related policies and procedures. Ensure policies are communicated to all employees and are integrated into day-to-day operations. Regularly review and update policies to adapt to emerging threats and new regulations.
• Reporting and Risk Mitigation: Prepare reports on the status of cybersecurity risks, compliance levels, and vendor assessments. Work with cross-functional teams, including IT, security, legal, and compliance, to develop strategies to mitigate identified risks and improve the organization’s cybersecurity posture.

What do I need to succeed? 

Must have:

• Bachelor’s degree in computer science, Information Security, or a related field
• Strong knowledge of GRC frameworks (e.g., NIST, ISO 27001, GDPR, etc.)
• Minimum 6 years of experience in cybersecurity risk, governance, or compliance
• Experience conducting risk assessments and audits
• Experience working on Azure Environment
• Experience in Vendor Risk Management (Information Security focus)

Few of the following certifications:

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified Information Systems Security Professional (CISSP)
• ISO/IEC 27001 Lead Auditor or equivalent
• Experience using GRC tools for risk and compliance tracking