Information Security GRC Lead

HITO Solutions

  • Lisboa
  • Permanent
  • Full-time
  • 1 month ago
Our client is a company that is expanding greatly in the energy market and is one of the largest methanol producers in the world. They work on EPC projects in various parts of the world.

Main Responsibilities:
  • Drive the development and expansion of the company's information security GRC function, ensuring alignment with strategic objectives and compliance requirements.
  • Lead enterprise-wide security risk assessments, covering operational and regulatory dimensions.
  • Manage internal and external audit engagements to guarantee adherence to standards and regulations such as ISO 27001, GDPR and NIS2.
  • Advocate for a robust security culture by promoting risk awareness and compliance across all departments.
  • Engage closely with stakeholders across IT, Legal, HR, and Operations to ensure clarity and alignment with the GRC framework.
  • Oversee the security awareness and training program, including the creation of content and educational materials.
  • Track the implementation and effectiveness of security controls throughout the organization and report findings.
  • Stay up to date with evolving regulatory obligations and ensure timely updates to internal policies and procedures.
  • Provide leadership with regular updates on risk posture, compliance status, and key metrics.
Requirements:
  • Demonstrated experience in leading small teams in GRC-focused roles, particularly within global enterprises.
  • Ability to operate effectively at both strategic planning and hands-on execution levels.
  • Strong organizational skills, with the capacity to manage multiple priorities simultaneously.
  • At least 5 years of experience in information security GRC roles.
  • In-depth knowledge of international data protection and cybersecurity regulations (e.g. GDPR, NIS2, DORA, SOC).
  • Familiarity with widely accepted frameworks and standards such as ISO 27001 and NIST.
  • Solid experience with risk management methodologies (e.g. ISO 31000, NIST RMF, FISMA).
  • Preferred certifications: CISM, CRISC, CISSP, ISO 27001 Lead Implementer, or equivalent.
  • Nice to have: experience in industries such as petrochemicals or oil & gas.
