Information Security Manager - GRC

The Role

As an Information Security Manager - GRC, you will drive the development and implementation of our GRC program, working to protect G-P’s infrastructure and data assets. You’ll collaborate closely with cross-functional teams to ensure compliance with global security regulations and frameworks, manage risk, and promote a culture of security awareness.

Key Responsibilities

• GRC Framework Development: Design, implement, and maintain a comprehensive GRC framework aligned with industry standards and regulatory requirements, including ISO 27001, NIST, and GDPR.
• Policy Management: Develop, review, and update security policies, standards, and procedures, collaborating with internal stakeholders to ensure compliance.
• Risk Assessment and Management: Conduct risk assessments, assist legal with the risk register, and provide actionable insights and reports to executive leadership on security risks.
• Vendor Risk Management: Oversee third-party risk management, assessing vendors and partners for compliance with security standards.
• Incident Response and Investigations: Develop and coordinate incident response plans, assist in incident investigations, and lead post-incident evaluations to improve future security.
• Compliance Monitoring: Ensure ongoing compliance with regulatory requirements, standards, and policies across global operations, performing regular audits and assessments.
• Security Awareness and Training: Develop and deliver training programs to enhance security awareness throughout the organization.
• Audit Coordination: Serve as the primary contact for internal and external audits, ensuring thorough audit preparation, coordination, and timely remediation.
• Continuous Improvement: Proactively identify and implement process improvements to enhance the organization’s overall security posture.
• Team Leadership: Manage and mentor a small team of GRC professionals, fostering growth and development while aligning team goals with G-P’s strategic objectives.

What we are looking for:

• Education: Bachelor’s degree in Information Security, Computer Science, or a related field. Industry certifications like CISSP, CISM, or CISA are preferred.
• Experience: Minimum of 5 years in information security, risk management, audit, or compliance roles, with a focus on GRC programs and frameworks.
• Regulatory Knowledge: Strong understanding of global regulatory requirements, including GDPR, SOC2, ISO 27001, and familiarity with other frameworks such as NIST.
• Vendor Management: Proven experience in managing third-party risk assessments and compliance.
• Analytical Skills: Excellent analytical and problem-solving skills, with an outcome-driven mindset.
• Communication: Strong interpersonal skills, with the ability to engage cross-functional teams and communicate complex security concepts effectively.
• Organizational Skills: Superior time-management abilities, with attention to detail and the capability to manage multiple projects.

Why G-P?

At G-P, we’re redefining global employment with cutting-edge, scalable solutions, enabling companies to manage and grow international teams. Join us and contribute to a mission that impacts lives in over 180 countries.

What We Offer

• Growth Opportunities: We support your development with mentorship, training, and professional growth initiatives.
• Competitive Benefits: Enjoy a robust benefits package, including a competitive salary, bonus, and flexible work conditions.
• Innovative Culture: Be part of a remote-first, diverse team that values innovation, creativity, and impactful contributions.

Join G-P and be part of building a global security framework that enables opportunities across the world!

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the National Vetting Bureau (Children and Vulnerable Persons) Act 2012, the Private Security Services Act 2004, and the Criminal Justice (Spent Convictions and Certain Disclosures) Act 2016.  

#LI-Remote  #LI-EL1