Senior Cybersecurity GRC Lead

About the position We are looking for a senior Cybersecurity GRC professional to lead critical risk, compliance, and internal control initiatives, in a context of rapid growth in cybersecurity activities and increasing regulatory demands. This role will play a central part in defining, implementing, and evolving the internal control framework, ensuring the robustness of processes and alignment with international standards.

Responsibilities

• Lead cyber risk assessments and control reviews, identifying gaps and driving remediation through to closure.
• Act as a bridge between GRC and technical teams, confidently challenging and validating control design and implementation.
• Own and maintain the Internal Control Framework, ensuring it remains relevant and up to date, and act as the focal point for internal controls within Digital Technologies, including coordination with external auditors.
• Drive the implementation of new controls to ensure compliance with regulations the company is subject to.
• Contribute to enhancing security policies and standards aligned to ISO 27001 and NIST.
• Partner with Digital Technology, Enterprise Risk Management, Legal & Compliance, and Internal Audit to embed security into business processes and decision-making.

Requirements

• Knowledge of cybersecurity frameworks, standards, and regulations (e.g., NIS2, ISO 27001, GDPR).
• Proven experience in cybersecurity GRC, risk management, compliance, ISO implementation and audits.
• Ability to work collaboratively and lead initiatives related to cybersecurity governance, risk management, compliance, and ISO standards.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Strong problem-solving and analytical skills.
• Fluency in English.

Nice-to-haves

• Professional certifications is a plus.
• Experience in consulting industry and professional certifications are a plus.