Cybersecurity Governance, Risk and Compliance Lead
4 weeks ago
Cybersecurity Governance, Risk and Compliance Lead - Bilingual English/Spanish
We are seeking a bilingual, experienced, and highly skilled Cybersecurity Governance, Risk, and Compliance (GRC) Lead. Experience managing security awareness and training programs is also required.
The ideal candidate will have a deep understanding of cybersecurity frameworks, risk management strategies, and compliance with laws, regulations, and standards, along with the ability to lead efforts to raise security awareness across the organization.
This individual will be instrumental in ensuring our cybersecurity policies, practices, risk management, and training programs align with industry standards and regulatory requirements.
This position is 100% remote in Colombia.
Responsibilities:
- Governance, Risk & Compliance (GRC):
  - Lead the design, development, implementation, and maintenance of cybersecurity governance, risk, and compliance programs in alignment with industry best practices and regulatory requirements (e.g., NIST, ISO 27001, OWASP, CCPA, HIPAA, SOC 2).
  - Conduct risk assessments and recommend mitigation strategies to senior management.
  - Ensure compliance with security regulations and frameworks by preparing for audits, conducting internal assessments, and addressing gaps.
  - Collaborate with legal, compliance, and IT teams to ensure security policies and procedures meet all regulatory requirements.
  - Develop and maintain key performance indicators (KPIs) for cybersecurity, risk management and compliance programs.
  - Review and update cybersecurity policies and procedures regularly to address emerging threats, changes in the regulatory landscape, and organizational needs.
  - Act as the subject matter expert on organizational security policies and procedures, offering guidance and support across departments.
- Security Awareness & Training:
  - Design, implement, and manage a comprehensive security awareness program to educate employees on security best practices, emerging threats, and compliance requirements.
  - Define engaging and informative training materials, tailored to various levels of technical expertise.
  - Coordinate and deliver regular security awareness training communications / sessions to improve employee engagement and knowledge retention.
  - Track training completion rates, effectiveness of the programs, and areas for improvement, utilizing metrics to continually optimize the program.
  - Work closely with HR and leadership to integrate security awareness and compliance topics into onboarding and continuous professional development.
- Identify, design, plan and lead implementation of automation opportunities.
- Continuous improvement of the processes under your responsibility.
- Collaborate with cross-functional teams (including IT, operations, legal, and HR departments) to drive cybersecurity initiatives for ensuring alignment of security practices with business goals and regulatory requirements.
- Lead the evaluation and selection of third-party vendors or tools for risk management and security awareness.
- Provide expert guidance on risk management and compliance to all levels of the organization.
- Provide regular status reports and metrics on GRC activities, risk posture, and security awareness initiatives to senior leadership, offering actionable insights and recommendations for improvements.
- Manage compliance reporting requirements.
Qualifications:
- Education:
  - Bachelor’s degree in computer science. Post-graduate degree in cyber/information security is a plus.
- Certifications:
  - CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) preferred.
  - Certifications in Risk Management (e.g., CRISC), GRC frameworks and Security Awareness training programs are highly desirable.
- Experience:
  - 7+ years of experience in cybersecurity, with at least 3 years in a governance, risk, and compliance leadership role.
  - Proven experience in audit and assessment processes, both internal and external, for cybersecurity programs and compliance.
  - Proven experience in managing and delivering security awareness and training programs at an enterprise level.
  - Hands-on experience with security tools, risk and compliance management software, and training platforms.
  - Experience with cloud security is a plus (Azure, AWS, Google Cloud, etc.).
- Strong knowledge of cybersecurity frameworks, compliance with laws/regulations/security standards (NIST, CCPA, GDPR, PCI DSS, etc.), and risk management methodologies.
- Strong knowledge of security concepts, policies, and tools, as well as the ability to identify risks and plan remediation.
- Communication and presentation skills, with the ability to engage stakeholders.
- Ability to stay current and adapt quickly to new regulations, emerging security trends, tools, and technologies.
- Strong problem-solving and analytical skills, with the ability to manage complex security challenges.