Cybersecurity Governance, Risk and Compliance Team Lead

<h1><strong>Cybersecurity Governance, Risk and Compliance (GRC) Lead</strong></h1> <p>We are seeking a bilingual, experienced, and highly skilled <strong>Cybersecurity Governance, Risk and Compliance (GRC) Lead</strong>. Experience managing security awareness and training programs is also required. The ideal candidate will have a deep understanding of cybersecurity frameworks, risk management strategies, and compliance with laws/regulations/standards, along with the ability to lead efforts to raise security awareness across the organization. This individual will be instrumental in ensuring our cybersecurity policies, practices, risk management, and training programs align with industry standards and regulatory requirements.</p> <p><em><strong>This position is 100% remote in Colombia.</strong></em></p> <p><strong>Key Responsibilities:</strong></p> <p><strong>Governance, Risk Compliance (GRC):</strong></p> <ul> <li>Lead the design, development, implementation, and maintenance of cybersecurity governance, risk, and compliance programs in alignment with industry best practices and regulatory requirements (e.g., NIST, ISO 27001, OWASP, CCPA, HIPAA, SOC 2).</li> <li>Conduct risk assessments and recommend mitigation strategies to senior management.</li> <li>Ensure compliance with security regulations and frameworks by preparing for audits, conducting internal assessments, and addressing gaps.</li> <li>Collaborate with legal, compliance, and IT teams to ensure security policies and procedures meet all regulatory requirements.</li> <li>Develop and maintain key performance indicators (KPIs) for cybersecurity, risk management, and compliance programs.</li> <li>Review and update cybersecurity policies and procedures regularly to address emerging threats, changes in the regulatory landscape, and organizational needs.</li> <li>Act as the subject matter expert on organizational security policies and procedures, offering guidance and support across departments.</li> </ul> <p><strong>Security Awareness Training:</strong></p> <ul> <li>Design, implement, and manage a comprehensive security awareness program to educate employees on security best practices, emerging threats, and compliance requirements.</li> <li>Define engaging and informative training materials, tailored to various levels of technical expertise.</li> <li>Coordinate and deliver regular security awareness training communications / sessions to improve employee engagement and knowledge retention.</li> <li>Track training completion rates, effectiveness of the programs, and areas for improvement, utilizing metrics to continually optimize the program.</li> <li>Work closely with HR and leadership to integrate security awareness and compliance topics into onboarding and continuous professional development.<strong><br></strong></li> </ul> <p><strong>Leadership, Collaboration Reporting:</strong></p> <ul> <li>Identify, design, plan, and lead implementation of automation opportunities.</li> <li>Continuous improvement of the processes under your responsibility.</li> <li>Collaborate with cross-functional teams (including IT, operations, legal, and HR departments) to drive cybersecurity initiatives for ensuring alignment of security practices with business goals and regulatory requirements.</li> <li>Lead the evaluation and selection of third-party vendors or tools for risk management and security awareness.</li> <li>Provide expert guidance on risk management and compliance to all levels of the organization.</li> <li>Provide regular status reports and metrics on GRC activities, risk posture, and security awareness initiatives to senior leadership, offering actionable insights and recommendations for improvements.</li> <li>Manage compliance reporting requirements.<strong><br></strong></li> </ul> <p><strong>Key Qualifications:</strong></p> <p><strong>Language</strong></p> <ul> <li>Bilingual (English - Spanish) B2/C1.</li> </ul> <p><strong>Education:</strong></p> <ul> <li>Bachelor’s degree in comput ... (truncated, view full listing at source)