Responsibilities
Develop, implement, and maintain cybersecurity policies, standards, and procedures in alignment with industry frameworks and regulatory requirements.
Conduct risk assessments, security control evaluations, and gap analyses to identify and mitigate risks.
Support internal and external audits, ensuring compliance with frameworks such as NIST CSF, ISO 27001, CIS Controls, SOC 2, and regulatory obligations.
Assist in the management of third-party risk assessments and vendor security evaluations.
Track, monitor, and report on cybersecurity risks, controls, and compliance metrics.
Work with cross-functional teams to ensure security controls are embedded in business processes and IT operations.
Develop and maintain risk registers, compliance documentation, and audit evidence repositories.
Provide cybersecurity awareness training and guidance to employees on security best practices and compliance requirements.
DLP Strategy & Oversight: Manage and help fine-tune DLP policies (preferably Zscaler) for endpoint, network, and cloud to protect sensitive data (PII, PCI, IP).
Stay current with evolving cybersecurity threats, regulatory changes, and best practices to enhance the organization's security and compliance posture.
Qualifications
Bachelor’s degree in Computer Science, Information Systems, or related degree plus three (3+) years of experience or equivalent combination of education and experience.
Strong knowledge of security and risk management frameworks like NIST CSF, CIS Critical Security Controls, ISO 27001, NIST 800-53, FAIR, and CIS.
Must possess excellent oral and written communication skills and the ability to communicate in technical and business terms. Additionally, must be comfortable developing presentations and delivering them to senior management.
3+ years of experience in cybersecurity, governance, risk, and compliance.
Experience conducting risk assessments, control evaluations, and compliance audits.
Strong knowledge of cybersecurity best practices, policies, and procedures.
Excellent analytical, problem-solving, and communication skills.
Ability to work independently and collaboratively in a dynamic environment.
Professional certifications in IT and Cybersecurity a plus (e.g., Security+, GCRP, CGRC etc.).
Bachelor’s degree in computer science, Information Systems, or related degree plus eight (3-4) years of experience or equivalent combination of education and experience
3-4 years of experience in Cybersecurity roles (i.e., incident response, security operations, application security, etc.)
Ability to simultaneously handle multiple projects and adjust to changing priorities while multitasking effectively.
Self-starter, strong initiative, critical thinker, self-directed with a proven track record to collaborate and inspire change.
Experience designing and implementing cybersecurity reporting and metrics (i.e., KPI/KRI development)
Fluent in English; additional languages are a plus.
Tech Savvy: Anticipating and adopting innovations in business-building digital and technology applications.
Optimizes Work Processes: Knowing the most effective and efficient processes to get things done, focusing on continuous improvement.
Plans & Aligns: Planning and prioritizing work to meet commitments aligned with the interpersonal goals.
Business Insight: Applying knowledge of business and the marketplace to advance the organization’s goals.
Communicates Effectively: Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences.