Xpt Software Australia Pty

GRC Consultant - Cyber Lead

Job Type: Full Time


Job Description - GRC Consultant - Cyber Lead

Role Summary

We are seeking an experienced GRC Consultant – Cyber Lead to drive governance and maturity of non-OS vulnerability management across enterprise application and platform environments.

This role focuses on cyber risk oversight, exception management, and vulnerability treatment strategy, ensuring risks are effectively assessed, governed, and aligned with enterprise security standards, while remediation execution remains with delivery teams.


Key Responsibilities

Governance & Risk Oversight

  • Define and implement non-OS vulnerability management frameworks,
    policies, and standards

  • Establish governance forums, escalation paths, and
    decision-making processes

  • Ensure compliance with regulatory, audit, and enterprise
    security requirements

Exception & Treatment Management

  • Manage remediation exceptions and risk acceptance lifecycle
  • Validate compensating controls and residual risks
  • Drive risk-based treatment plans with application and
    platform teams

Cyber Risk Management

  • Perform risk assessments for vulnerabilities that cannot be
    remediated

  • Enable risk-based decision-making aligned to business risk
    appetite

  • Ensure proper documentation, tracking, and periodic review of
    accepted risks

Tooling & Capability Uplift

  • Lead tooling strategy, evaluation, and automation initiatives
  • Improve vulnerability management maturity and processes
  • Support training and adoption across delivery teams

Security Improvement & SDLC Integration

  • Oversee remediation outcomes from pen tests, audits, and
    assessments

  • Promote secure-by-design and DevSecOps practices
  • Ensure vulnerabilities are identified and treated before
    production release

Stakeholder Management

  • Collaborate with Cyber, Application, Infrastructure, and
    Operations teams

  • Provide risk insights to senior leadership and governance forums
  • Influence prioritization based on risk severity and business
    impact


Required Skills & Experience

  • Strong background in GRC, cyber risk, and vulnerability
    management

  • Experience with application/platform vulnerabilities (non-OS)
  • Knowledge of frameworks: ISO 27001, NIST, CIS
  • Hands-on exposure to tools like Qualys, Tenable, Snyk, or
    similar

  • Expertise in risk assessment, exception management, and
    compliance

  • Strong stakeholder engagement and communication skills
  • Familiarity with DevSecOps / SDLC security practices

Qualifications

  • Bachelor’s degree in IT / Cybersecurity or related field

Certifications (Preferred)

Core

  • CISSP / CISM / CRISC

GRC & Risk

  • ISO 27001 Lead Implementer / Auditor
  • FAIR Certification

Optional (Good to Have)

  • CCSP (Cloud Security)
  • CEH / GIAC (Security testing awareness)
  • ITIL / Agile certifications

 



Original job GRC Consultant - Cyber Lead posted on GrabJobs.