Cybersecurity Governance Risk Compliance Lead

Job Summary

Leading the development and enforcement of cybersecurity policies, the full-time remote Principal, Cybersecurity Engineering will focus on Governance, Risk, and Compliance (GRC), manage third-party vendor risk, drive security awareness initiatives, and provide expertise in support of mergers and acquisitions.

Key responsibilities

• Adapt and maintain security guidance and policies based on the NIST Cybersecurity Framework, ensuring compliance and audit readiness
• Develop and enforce Supplier Information Security Requirements (SISR) to manage third-party vendor security relationships
• Design and execute phishing simulation campaigns, analyzing results to recommend targeted security awareness training interventions

Required qualifications

• 3 - 5 years of progressive experience in cybersecurity with a strong focus on GRC
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field preferred; advanced degree a plus
• Deep working knowledge of the NIST Cybersecurity Framework (CSF) and relevant regulatory compliance requirements
• Proven experience managing supplier information security programs and collaborating with Procurement and Legal teams
• Hands-on experience designing phishing simulation programs and coordinating enterprise-wide security awareness campaigns