Sr. GRC Security Specialist

Job Summary

The Senior GRC Security Specialist with a focus on Identity Management will serve as an expert within our Information Security team. This role involves leading the strategic implementation of security governance, risk, and compliance (GRC) with a specialized focus on Identity and Access Management (IAM) solutions for our rapidly expanding company. You will collaborate closely with business leaders to manage risk and ensure robust identity security within our governance framework. This position requires high-level policy management, a profound understanding of identity security in compliance and sales enablement, as well as hands-on involvement with risk management, audits, and security operations. A strong sense of professional development is essential for this role, as it will help me stay at the forefront of identity security practices and regulatory knowledge.

Responsibilities

• Lead the development and execution of comprehensive GRC strategies focused on IAM, ensuring alignment with business objectives, regulatory requirements, and the broader GRC strategy.
• Drive the IAM program, including the creation of policies, procedures, and controls to mitigate identity-related risks.
• Conducted in-depth security assessments specifically focused on IAM in cyber risk management and security governance.
• Identify, assess, and oversee the mitigation of information security risks related to IAM, ensuring timely execution of plans.
• Champion regulatory and compliance initiatives (e.g., ISO 27001, GDPR, etc) as they relate to IAM, leading audits and compliance assessments in this domain.
• Evaluate, recommend, and oversee the implementation of IAM technologies and solutions, such as privileged access management, single sign-on, and identity governance.
• Act as a subject matter expert on IAM within the information security team, providing guidance and leadership.

Qualifications

• Minimum 6 years of experience in information security, with at least 3 years specialized in IAM within a GRC context.
• Proven expertise in developing and managing IAM strategies in complex environments, preferably across multiple cloud-based technologies and solutions.
• Deep understanding of identity security operations tools and services such as multi-factor authentication, identity providers, directory services, and related technologies.
• Familiarity with information security governance, risk management, and compliance frameworks, particularly as they relate to IAM (e.g., NIST Cybersecurity Framework, ISO 27001/2, ITIL, GDPR).
• Strong organizational skills, attention to detail, and the ability to manage multiple projects and priorities with a high degree of professionalism and client service orientation.
• Adaptable to a dynamic, rapidly changing environment.
• Excellent communication and interpersonal skills; proficiency in English required.
• Bachelor's or Master's degree in a computer-related field or equivalent experience.
• Experience with security operations tools such as logging systems, intrusion detection/prevention systems (IDS/IPS), Anti-virus, SIEM, Vulnerability Management tools, DLP, endpoint protection, web filtering, CASB, etc.
• Experience with industry leading IAM solutions and services.
• Knowledge of common information security governance and regulatory frameworks such as ISO 27001/2, Information Technology Infrastructure Library (ITIL), and General Data Protection Regulation (GDPR).
• Highly developed organizational skills and attention to detail, including the ability to handle multiple projects and priorities simultaneously with high professionalism and client service orientation.
• Ability to work effectively within a fast-paced, changing environment.
• Excellent communication and interpersonal skills in English are required.