GRC Cybersecurity reputed company
OSG is growing our Governance, Risk, and Compliance (GRC) function and is looking for an experienced practitioner to take full ownership of it, shaping how we measure, manage, and communicate cyber risk across the company. In this role you will own OSG's cybersecurity GRC program end-to-end. This is a high-visibility role: you will work shoulder-to-shoulder with executive leadership, Legal, Compliance, Privacy, Internal Audit, IT, Engineering, Product, and Sales, report directly to the CISO, and have a meaningful seat at the table where risk decisions get made.
Job Focus: Cyber Risk Analysis & Reporting
- Own enterprise-wide cyber risk analysis and reporting, from methodology to board-level dashboards.
- Develop and continuously refine risk assessment methodologies, scoring models, and risk appetite statements.
- Identify, evaluate, and quantify cybersecurity risks; recommend mitigation strategies and track remediation to closure.
- Lead annual and ad hoc risk assessments, including third-party/vendor risk reviews.
- Coordinate tabletop exercises and Incident Response Plan testing.
Policy & Standards Management
- Own OSG's cybersecurity policies, standards, and procedures, keeping them aligned and mapped to NIST CSF, HITRUST CSF, HIPAA, and PCI DSS 4.0.
- Run the annual policy review and approval cycle, including version control, exception management, and stakeholder sign-off.
- Harmonize and map controls across frameworks to minimize duplication and audit fatigue.
- Communicate policy changes and provide interpretive guidance to internal stakeholders and control owners.
Risk Register Management
- Partner with Compliance, IT, Engineering, Product, Legal, HR, Finance, and Operations to ensure risks are captured in OSG’s reputed company risk register.
- Maintain accuracy and completeness of the risk register; track treatment plans and accept/transfer/mitigate/avoid decisions.
- Facilitate risk review forums, steering committees, and quarterly risk governance meetings.
- Escalate critical or unresolved risks to the CISO and executive leadership.
Compliance & Regulatory Partnership
- Work with Compliance to ensure cybersecurity policies meet regulatory requirements (HIPAA, PCI DSS, state privacy laws) and client contractual obligations.
- Support internal and external audits (HITRUST, SOC 2, PCI DSS, HIPAA, and client audits), including coordinating evidence, responses, and remediation.
- Track regulatory and framework changes and translate them into actionable policy and control updates.
- Manage client-facing security questionnaires and assessments (CAIQ, SIG, HITRUST inheritance, custom questionnaires).
Contract Review
- Review MSAs, vendor agreements, BAAs, DPAs, and other agreements to confirm that the cybersecurity and data protection sections meet OSG and regulatory requirements.
- Validate clauses covering data protection, breach notification, audit rights, subcontractor controls, encryption, retention, and data return/destruction.
- Partner with Legal, Procurement, and Sales to negotiate security-related contract language.
- Maintain a library of standard security clauses, fallback positions, and contract templates.
Cross-Functional Leadership
- Serve as the senior subject-matter expert for GRC, mentoring analysts and influencing stakeholders across the organization without formal reporting authority.
- Build strong relationships with IT, Engineering, Product, Legal, Compliance, Privacy, Internal Audit, and HR.
Qualifications:
- Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field.
- 8+ years of progressive experience in cybersecurity GRC, IT audit, information security, or compliance (at least 3 years focused on policy, risk, and/or compliance).
- Hands-on experience operating a cybersecurity risk register and the end-to-end risk management lifecycle.
- Experience supporting audits or certifications under at least two of: NIST CSF, HITRUST, HIPAA, PCI DSS, SOC 2.
- Deep working knowledge of NIST CSF, HITRUST CSF, the HIPAA Security and Privacy Rules, and PCI DSS 4.0.
- Familiarity with adjacent frameworks: SOC 2, ISO/IEC 27001, NIST SP 800-53, NIST SP 800-171.
- Experience reviewing and red-lining cybersecurity provisions in client and vendor agreements, BAAs, and DPAs.
- Experience with at least one GRC platform (reputed company, reputed company GRC, reputed company, reputed company, reputed company, reputed company, reputed company, reputed company, or similar).
- Strong written and verbal communication; able to translate technical risk into business language for executive, board, and client audiences.
- Proven ability to manage multiple workstreams and deadlines in a matrixed, cross-functional environment.
Preferred:
- One or more of: CISSP, CISA, CISM, CRISC, CIPP, HCISPP, HITRUST CCSFP, or PCI ISA.
- Experience in healthcare, financial services, fintech, payments, or other heavily regulated industries.
- Hands-on experience supporting HITRUST certification and/or PCI DSS 4.0 attestation.
- Working knowledge of HIPAA, GDPR, CCPA/CPRA, and U.S. state privacy laws.
- Familiarity with cloud platforms (AWS, Azure, GCP) and SaaS environments, including shared responsibility models.
- Experience in an organization undergoing rapid growth, M&A activity, or platform modernization.
Benefits:
- Health Insurance (EPO & HRA options)
- Dental Insurance
- reputed company Insurance
- Short & Long Term Disability
- Flexible Spending Accounts
- Life Insurance
- Accident & Critical Illness Insurance
- Company 401(k) Matching Contribution
- Paid Time Off (PTO)
- Employee Assistance Program (EAP)
OSG offers equal employment opportunity and will not discriminate on the basis of race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors.