Cybersecurity Governance – And Compliance Lead

Key Responsibilities

• Governance and Policy Development:
• Develop, implement, and maintain cybersecurity policies, procedures, and standards that align with industry best practices and regulatory requirements.
• Establish and maintain cybersecurity governance frameworks to ensure accountability and effective oversight across the organization.
• Collaborate with key stakeholders, including IT, legal, and business leaders, to ensure policies are communicated and enforced organization wide.


• Risk Management:
• Lead the cybersecurity risk management program by identifying, assessing, and prioritizing risks to the organization’s assets and operations.
• Perform risk assessments to evaluate the organization’s risk exposure, including potential vulnerabilities, threats, and the impact of non-compliance with security regulations.
• Develop risk mitigation strategies and recommend controls to reduce or eliminate cybersecurity risks.


• Compliance and Regulatory Adherence:
• Ensure compliance with regulatory requirements such as NIST 800-171, NIST 800-53, CMMC, ISO 27001, ITAR, EAR, GDPR, and other applicable frameworks.
• Monitor and manage internal and external cybersecurity audits, ensuring that the organization addresses audit findings and implements corrective actions.
• Track changes in relevant laws, regulations, and industry standards to ensure the organization’s cybersecurity posture remains compliant.


• Audit and Assessment:
• Lead and coordinate internal and external audits, including readiness assessments, vulnerability assessments, and certification processes.
• Work closely with external auditors and consultants to ensure successful audit outcomes and remediate any findings or gaps identified.
• Regularly assess the effectiveness of security controls and make recommendations for improvements.


• Incident Response and Reporting:
• Collaborate with the incident response team to ensure that governance and compliance aspects are integrated into the response process.
• Ensure that all cybersecurity incidents are reported accurately and in compliance with regulatory requirements.
• Assist in root cause analysis of incidents and ensure proper documentation and follow-up actions are completed.


• Training and Awareness:
• Develop and manage cybersecurity awareness programs to educate employees on the importance of GRC and their role in maintaining compliance.
• Conduct regular training sessions on cybersecurity policies, data protection regulations, and risk management best practices.
• Ensure that leadership and relevant teams are educated on regulatory requirements and the organization’s risk posture.


• Third-Party Risk Management:
• Manage the cybersecurity aspects of the third-party risk management program, ensuring that vendors and partners comply with the organization’s security and privacy standards.
• Conduct security assessments of third-party vendors and partners to identify and mitigate potential risks to the organization.
• Review contracts and security agreements to ensure third-party compliance with relevant cybersecurity regulations.


• Metrics and Reporting:
• Develop and track key performance indicators (KPIs) and metrics related to cybersecurity governance, risk, and compliance.
• Provide regular reports to senior leadership on the organization’s risk posture, compliance status, and any emerging threats.
• Present audit findings, compliance gaps, and risk management updates to stakeholders in a clear and actionable format.


• Collaboration and Stakeholder Management:
• Work closely with IT, legal, HR, and other business units to align cybersecurity initiatives with broader organizational goals.
• Collaborate with external regulatory bodies and industry partners to stay informed of emerging trends and requirements in cybersecurity GRC.
• Act as a subject matter expert (SME) for cybersecurity governance, risk management, and compliance across the organization.

Qualifications

• Bachelor’s degree in IT, Security or equivalent experience
• 5+ years experience in Cybersecurity GRC, preferably in the technology or defense industry.
• Strong time management skills, with the ability to multitask and meet tight deadlines.
• Excellent communication and interpersonal skills, including experience engaging with executive leadership.
• Attention to detail and a commitment to quality.
• Proficiency in Cybersecurity GRC software and tools.

Benefits

• Medical Insurance: Comprehensive health insurance plans covering a range of services
• Saronic pays 100% of the premium for employees and 80% for dependents
• Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
• Saronic pays 99% of the premium for employees and 80% for dependents
• Time Off: Generous PTO and Holidays
• Parental Leave: Paid maternity and paternity leave to support new parents
• Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
• Retirement Plan: 401(k) plan
• Stock Options: Equity options to give employees a stake in the company’s success
• Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
• Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office