GRC Consultant (AU Tech Services, WFH)

Position Overview

• Location Type: Remote
• Employment Type: Full-time
• Salary: P180,000 - P220,000 (Monthly Package)
• Schedule: Monday to Friday (07:00 AM to 04:00 PM Manila Time)

This role involves developing and implementing GRC strategies, conducting risk assessments, ensuring regulatory compliance, and providing training to enhance cybersecurity resilience.

Requirements

• Skills Required:
  • Cyber Security Risk Management
  • IT Compliance
  • HIPAA
• Nice to Have:
  • Cyber Security Certification (a plus, but not required)

Responsibilities

• Strategy Development and Implementation:
  • Develop and implement tailored GRC strategies, frameworks, and roadmaps based on industry best practices, including NIST CSF 2.0, and organizational needs.
  • Align governance, risk management, and compliance efforts with strategic business goals and evolving regulatory requirements.
  • Provide expert guidance on integrating NIST CSF 2.0 into governance, risk, and compliance initiatives to enhance cybersecurity resilience.
  • Act as a strategic advisor to leadership on embedding GRC practices into core business functions.
• Risk Assessment and Management:
  • Conduct detailed risk assessments aligned with NIST CSF 2.0 to identify cybersecurity threats, vulnerabilities, and compliance gaps.
  • Develop, implement, and monitor risk mitigation strategies based on the Identify, Protect, Detect, Respond, and Recover pillars of NIST CSF 2.0.
  • Maintain and regularly update the risk register, ensuring all identified risks are documented and effectively managed.
• Regulatory Compliance:
  • Interpret and implement relevant regulations, standards, and frameworks, such as ISO 27001, GDPR, NIST CSF 2.0, HIPAA, and PCI DSS.
  • Support organizations in preparing for compliance audits and certification processes.
  • Continuously monitor regulatory changes and their impact on organizational policies and practices, providing actionable recommendations.
• Policy Development and Enforcement:
  • Develop, review, and implement security and compliance policies aligned with NIST CSF 2.0 and other applicable standards.
  • Promote adherence to established policies through regular audits, training, and monitoring programs.
  • Enhance cybersecurity governance by enforcing consistent compliance with NIST CSF 2.0 controls.
• Auditing, Monitoring, and Reporting:
  • Conduct regular audits to ensure compliance with internal policies, external regulations, and NIST CSF 2.0 guidelines.
  • Generate detailed reports for stakeholders, including actionable insights to improve governance, risk management, and compliance posture.
  • Design and track key performance indicators (KPIs) to measure the effectiveness of GRC initiatives and alignment with NIST CSF 2.0.
• Training and Awareness:
  • Develop and deliver training programs to enhance awareness of NIST CSF 2.0, GRC practices, and cybersecurity resilience.
  • Facilitate workshops on emerging risks, compliance updates, and industry best practices.
  • Collaborate with teams to ensure organization-wide understanding and application of NIST CSF 2.0 principles.

Application Instructions

• (Information missing - Please refer to the original job posting for specific application instructions.)

Company Information

• (Information missing - Please refer to the original job posting for company information.)