Develop, review, and maintain cybersecurity policies, standards, procedures, and baselines aligned with NIST, ISO 27001, CIS, and regulatory requirements.
Conduct enterprise and project-level cyber risk assessments, including risk identification, scoring, treatment, and tracking.
Manage and maintain the cyber risk register, ensuring clear ownership, mitigation plans, and risk acceptance approvals.
Support compliance programs for ISO 27001, NIST CSF, SOC 2, and applicable regulatory frameworks.
Coordinate and support internal and external audits, including evidence collection, gap analysis, and remediation tracking.
Perform third-party and vendor security risk assessments, including questionnaire reviews and risk rating.
Define and track GRC-related KPIs and KRIs to measure security governance effectiveness.