LHH is looking for a Sr. Information Security Engineer - GRC to aid an established and rapidly growing client of ours in the Computer Hardware space. This person will be responsible for developing, implementing, and overseeing the organization's comprehensive cybersecurity GRC program. In this capacity you will act as a strategic partner to senior management, ensuring alignment between cybersecurity initiatives and overall business objectives. You will also create and maintain processes, procedures, and documentation, perform IT security reviews, and perform vulnerability management and risk assessments to proactively secure the organization.
Responsibilities
- Develop and maintain the organization's cyber governance framework, risk management strategy, and compliance roadmap, ensuring alignment with industry best practices and regulatory requirements (e.g., NIST, ISO, PCI DSS).
- Establish and enforce clear and concise cybersecurity policies, standards, and procedures, providing ongoing guidance and support to stakeholders across the organization.
- Lead the identification, assessment, and prioritization of cybersecurity risks, recommending and implementing appropriate mitigation strategies and action plans.
- Conduct or oversee regular security audits and assessments to evaluate the effectiveness of cybersecurity controls and identify areas for improvement.
- Monitor and report on the performance of the cybersecurity GRC program, including key metrics and compliance posture.
- Manage and maintain all related documentation, including risk registers, policy documents, and audit reports.
- Foster a culture of cybersecurity awareness and education within the organization through training programs and initiatives.
- Develop training and awareness programs to ensure staff compliance with security policies and procedures.
Experience
- 8+ years of experience in information security with a focus on GRC.
- Certifications such as CISSP, CISM, CRISC, or CISA are highly preferred.
- Experience developing and implementing cybersecurity policies, standards, and procedures.
- Comfortable translating complex security regulations into actionable plans for technical and non-technical teams.
- Strong understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001/27002) and relevant industry regulations.
- Experience in conducting security risk assessments and audits.
- Excellent communication, collaboration, and interpersonal skills.
- Proactive and results-oriented, with a strong work ethic.
Sound like a fit? Apply today!