Posted on: 25/09/2025
The GRC Lead will lead the strategic governance, risk management, and compliance agenda to strengthen the organization's cybersecurity resilience and ensure regulatory compliance. Acting as a key leader and collaborator, the GRC Lead will own the development, implementation, and continuous improvement of the GRC framework, ensuring alignment with business goals, regulatory mandates, and industry best practices. This role will manage GRC operations, lead cross-functional teams, engage executive leadership, and steer strategic risk decisions to safeguard organizational resilience.
Key Responsibilities:
Strategic Governance & Leadership:
- Lead the design, execution, and maturation of the organization's comprehensive GRC strategy, encompassing policy governance, risk management frameworks, compliance programs, and continuous improvement initiatives.
- Own the governance structure including policy lifecycle management, control frameworks, and compliance awareness programs.
- Align GRC objectives with business goals and regulatory mandates through close collaboration with executive leadership and key stakeholders.
- Provide leadership, mentoring, and development support to GRC analysts and related teams.
Risk Management & Compliance Oversight:
- Oversee compliance operations including audit management, regulatory assessments, and compliance reporting to ensure adherence to global standards (ISO 27001, NIST, GDPR, PCI-DSS, SOC2).
- Champion risk appetite definition and risk tolerance monitoring aligned with organizational priorities.
Process Improvement & Tooling:
- Drive automation efforts to improve risk intelligence, compliance tracking, and reporting accuracy.
- Identify and implement best practices and process improvements to enhance operational efficiency and risk visibility.
Collaboration & Communication:
- Translate complex risk and compliance information into clear, actionable recommendations for executive leadership and technical teams.
- Lead training, awareness programs, and communication efforts to embed a culture of governance and risk mindfulness.
- Engage with external partners, auditors, and regulators for GRC-related assessments and benchmarking.
Required Qualifications:
- 7 - 8 years of progressive experience in Governance, Risk, and Compliance within cybersecurity or related fields.
- Proven leadership in managing GRC programs, teams, and strategic initiatives.
- Deep expertise in regulatory standards and frameworks (ISO 27001, NIST, GDPR, PCI-DSS, SOC2).
- Strong background with GRC platforms such as RSA Archer, ServiceNow GRC, or similar.
- Experience managing audits, risk assessments, compliance initiatives, and regulatory interactions.
- Excellent strategic thinking, interpersonal, and communication skills.
- Relevant certifications such as CISA, CISM, CISSP, CRISC, or PMP are highly desirable.
Preferred Skills:
- Experience with GRC automation and integration within DevSecOps or cloud security contexts.
- Familiarity with IT and security control frameworks (CIS Controls, MITRE ATT&CK).
- Industry experience in regulated sectors like finance, healthcare, or government.
- Strong analytical and problem-solving skills with a data-driven mindset.
Professional Attributes:
- Collaborative and team-oriented approach with proven mentoring skills.
- Detail-oriented, quality-focused, and proactive in risk anticipation.
- Passionate about continuous learning and adapting to emerging cybersecurity trends.
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1551430