Job Title: Cybersecurity Team Lead
Location: Hybrid / Remote
Department: Cybersecurity
Reports to: Director of Cybersecurity
Job Overview:
The GRC Team Lead will oversee daily operations for cybersecurity team members to ensure effective execution of security initiatives. This role is responsible for ensuring that cybersecurity policies, processes, and practices align with industry standards, regulations, and internal requirements. The GRC Team Lead will work with cross-functional teams and external stakeholders to mitigate risk, maintain compliance, and enhance security governance.
Key Responsibilities:
Team Leadership & Daily Operations:
- Oversee daily operations for cybersecurity team members, ensuring the timely and effective execution of governance, risk management, and compliance tasks.
- Provide strategic direction, technical expertise, and support to the team on key GRC issues.
- Replace, develop, and manage a team of GRC professionals, ensuring continuous improvement in their performance and growth.
- Set team goals, manage performance, and promote a collaborative working environment.
- Drive continuous improvement of GRC processes and tools to meet evolving business needs and regulatory requirements.
- Coordinate with other cybersecurity teams (incident response, security operations, etc.) to ensure alignment and consistency in security practices.
Governance:
- Lead the development and continuous improvement of cybersecurity governance frameworks, policies, and procedures to align with business objectives and regulatory requirements.
- Establish and monitor key performance indicators (KPIs) and key risk indicators (KRIs) to assess the effectiveness of the cybersecurity governance program.
- Provide regular updates to management on the status of governance initiatives, security posture, and overall risk landscape.
- Develop and implement security awareness programs to promote a risk aware culture across the organization.
Risk Management:
- Conduct comprehensive risk assessments to identify potential threats, vulnerabilities, and security gaps.
- Maintain the risk register and prioritize mitigation efforts based on risk impact and likelihood.
- Work with business units to ensure risks are mitigated within acceptable levels and support the development of risk treatment plans.
- Ensure periodic reviews and assessments of third-party vendors and service providers to evaluate cybersecurity risks and compliance with contractual obligations.
Compliance:
- Oversee the organization's compliance with relevant cybersecurity regulations, standards, and industry frameworks, such as ISO 27001, NIST CSF, GDPR, HIPAA, SOX, and PCI DSS.
- Oversee internal and external audits, ensuring all findings are documented and addressed in a timely manner.
- Implement ongoing compliance monitoring and assessments to identify gaps and vulnerabilities.
- Develop and maintain the security compliance roadmap, ensuring timely adherence to regulatory changes and emerging security requirements.
- Liaise with legal, compliance, and regulatory bodies to address security related concerns and maintain current knowledge of applicable regulations.
Incident Response & Business Continuity:
- Collaborate with incident response teams to ensure that cybersecurity incidents and breaches are reported, investigated, and remediated in accordance with governance policies.
- Lead efforts to integrate cybersecurity risk management into the organization’s business continuity and disaster recovery planning.
- Ensure that business continuity plans (BCP) and disaster recovery (DR) programs include effective cybersecurity provisions and controls.
Qualifications:
Bachelor’s degree in Information Security, Computer Science, Business, or equivalent experience
5+ years of experience in cybersecurity, GRC, or information security roles, with at least 2 years in a supervisory or team lead position.
Extensive knowledge of cybersecurity frameworks such as ISO 27001, NIST CSF, NIST 800-53, and industry-specific regulations (e.g., PCI DSS, HIPAA).
Strong understanding of risk management principles and methodologies.
Experience with GRC programs in a large or highly regulated environment.
Proven experience in leading compliance efforts and handling audits.
Excellent communication skills, with the ability to interact with stakeholders at all levels of the organization.
Relevant certifications (e.g., CISM, CRISC, CISSP, or ISO 27001 Lead Implementer) are a plus.
Skills & Competencies:
Strong project management and organizational skills, with the ability to manage multiple priorities.
Analytical thinking with the ability to solve complex security and compliance challenges.
Strong interpersonal skills to effectively manage relationships with internal teams and external stakeholders.
Detail oriented with a focus on continuous improvement of processes and controls.