Technology Risk & Cybersecurity Manager

Governance Development & Implementation:

• Develop, implement, and maintain the organization's cybersecurity governance framework, policies, standards, and procedures in alignment with business objectives and regulatory requirements.
• Lead the development and maintenance of cybersecurity awareness and training programs for all employees.

Risk Management:

• Conduct comprehensive cybersecurity risk assessments to identify, evaluate, and prioritize risks to information assets and systems.
• Develop and manage a risk register, tracking identified risks, mitigation plans, and residual risk levels.
• Collaborate with business units and IT teams to implement risk treatment strategies and controls.
• Monitor the effectiveness of implemented controls and report on risk posture to senior management.
• Lead incident response planning and participate in post-incident analysis to identify GRC-related improvements.

Compliance & Audit Management:

• Ensure the organization's adherence to relevant cybersecurity laws, regulations, and industry standards – NCA ECC, ISO.
• Manage internal and external cybersecurity audits, coordinating with auditors, providing necessary documentation, and tracking remediation efforts for findings.
• Prepare and present Cyber Security reports to management and relevant committees.
• Act as a primary point of contact for all GRC-related inquiries and initiatives.

Stakeholder Engagement & Reporting:

• Communicate effectively with all levels of the organization, from technical teams to executive leadership, on GRC matters.
• Prepare clear, concise, and actionable reports on cybersecurity posture, risk status, and compliance adherence.
• Foster a culture of cybersecurity awareness and accountability across the organization.
• Collaborate with legal, internal audit, and other departments to ensure integrated GRC efforts.