Cybersecurity Architect

The Cybersecurity GRC (Governance, Risk, and Compliance) Architect is responsible for designing and implementing frameworks, policies, and solutions that align with organizational objectives and regulatory requirements. This role ensures the organization's information systems are secure, resilient, and compliant with applicable laws, regulations, and standards. The GRC Architect serves as a strategic partner to leadership, offering expertise in risk management, policy development, and compliance auditing.

Key Responsibilities

Governance and Strategy
- Develop and implement cybersecurity governance frameworks to support the organization's goals and regulatory requirements.
- Define and maintain security policies, standards, and guidelines.
- Ensure alignment with international standards such as ISO 27001, NIST, GDPR, or CMMC.
- Establish a cybersecurity program that balances risk mitigation with business priorities.

Risk Management
- Conduct risk assessments to identify, evaluate, and prioritize threats to systems and data.
- Design risk mitigation strategies and monitor their implementation.
- Collaborate with cross-functional teams to integrate risk management into business processes.
- Evaluate third-party vendor risks and recommend security controls.

Compliance Oversight
- Monitor and enforce compliance with industry regulations (e.g., HIPAA, PCI DSS, SOX, or regional data protection laws).
- Lead internal and external audit preparations and ensure timely closure of audit findings.
- Establish mechanisms to track compliance metrics and generate executive-level reports.
- Stay updated on emerging regulations and assess their impact on organizational processes.

Security Architecture and Design
- Collaborate with technical teams to design secure IT systems that meet compliance and risk management requirements.
- Advocate for secure design principles in system development lifecycles (SDLC).
- Lead the deployment of GRC tools, including policy management, risk analysis, and compliance automation solutions.

Training and Awareness
- Create training programs to educate staff on cybersecurity policies and risk management practices.
- Promote a culture of compliance and risk awareness across the organization.
- Serve as a mentor and resource for junior GRC team members.

**Requirements**:
Technical Skills
- In-depth knowledge of cybersecurity frameworks (e.g., ISO 27001, NIST CSF, COBIT).
- Familiarity with GRC tools such as Archer, ServiceNow, or LogicGate.
- Strong understanding of risk management methodologies, including qualitative and quantitative assessments.
- Experience with compliance requirements in regulated industries.
- Knowledge of cloud security principles and SaaS/PaaS/IaaS environments.

Professional Skills
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication, with the ability to convey complex topics to non-technical audiences.
- Demonstrated ability to collaborate across teams and influence stakeholders.

Education and Certifications
- Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent experience).
- 8-10 years of experience in cybersecurity related technologies.
- Certifications such as CISSP, CISM, CRISC, or CISA are highly preferred.
- Familiarity with privacy certifications like CIPP/US or CIPP/E is a plus.

Preferred Qualifications
- Experience in incident response and crisis management.
- Hands-on experience with regulatory reporting and audit support.
- Familiarity with operational technology (OT) and industrial control systems (ICS) cybersecurity.

Key Performance Indicators (KPIs)
- Number and severity of compliance findings.
- Percentage of mitigated high-priority risks.
- Timeliness in implementing security policies and controls.
- Maturity level of cybersecurity governance and risk frameworks

**Benefits**

Medical Insurance

Travel daily per diem.