GRC Consultant - Cyber Lead
Indexed description
This role focuses on cyber risk oversight, exception management, and vulnerability treatment strategy, ensuring risks are effectively assessed, governed, and aligned with enterprise security standards—while remediation execution remains with delivery teams.
Key Responsibilities
Governance & Risk Oversight
- Define and implement non-OS vulnerability management frameworks, policies, and standards
- Establish governance forums, escalation paths, and decision-making processes
- Ensure compliance with regulatory, audit, and enterprise security requirements
- Manage remediation exceptions and risk acceptance lifecycle
- Validate compensating controls and residual risks
- Drive risk-based treatment plans with application and platform teams
- Perform risk assessments for vulnerabilities that cannot be remediated
- Enable risk-based decision-making aligned to business risk appetite
- Ensure proper documentation, tracking, and periodic review of accepted risks
- Lead tooling strategy, evaluation, and automation initiatives
- Improve vulnerability management maturity and processes
- Support training and adoption across delivery teams
- Oversee remediation outcomes from pen tests, audits, and assessments
- Promote secure-by-design and DevSecOps practices
- Ensure vulnerabilities are identified and treated before production release
- Collaborate with Cyber, Application, Infrastructure, and Operations teams
- Provide risk insights to senior leadership and governance forums
- Influence prioritization based on risk severity and business impact
- Strong background in GRC, cyber risk, and vulnerability management
- Experience with application/platform vulnerabilities (non-OS)
- Knowledge of frameworks: ISO 27001, NIST, CIS
- Hands-on exposure to tools like Qualys, Tenable, Snyk, or similar
- Expertise in risk assessment, exception management, and compliance
- Strong stakeholder engagement and communication skills
- Familiarity with DevSecOps / SDLC security practices
- Bachelor’s degree in IT / Cybersecurity or related field
- CISSP / CISM / CRISC
- ISO 27001 Lead Implementer / Auditor
- FAIR Certification
- CCSP (Cloud Security)
- CEH / GIAC (Security testing awareness)
- ITIL / Agile certifications
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search