Cybersecurity Risk & Compliance / GRC Manager

TAWANTECH

Posted on 12 Mar

Experience

10 - 15 Years

Education

Bachelor of Science (Computers)

Nationality

Any Nationality

Gender

Not Mentioned

Vacancy

1 Vacancy

Job Description

Roles & Responsibilities

Responsibilities

  • Identify, assess, and manage cybersecurity risks to protect information and technology assets in line with policies, laws, and regulations.
  • Review, update, and develop the Third-Party Risk Management Framework to monitor and mitigate vendor-related cyber risks.
  • Perform vulnerability assessments of systems and networks, identifying deviations from acceptable configurations or policies, and measure defense-in-depth effectiveness.
  • Evaluate, design, implement, fine-tune, and enhance business continuity for digital services with complex interdependencies.
  • Calculate, fine-tune, and align Business Impact Assessment (BIA) outputs, including Priority Tiers, RPOs, and RTOs.
  • Develop and track risk treatment and mitigation plans.
  • Analyze cybersecurity controls and assess effectiveness.
  • Oversee vulnerability scans and implement cybersecurity technical controls.
  • Monitor and test Security Operations Center (SOC) and incident response plans.
  • Maintain cybersecurity aspects of the business continuity plan while tracking risk-related metrics.
  • Perform security control assessments for compliance with company policies, ISO 27001, NIST, NCA, and regulatory requirements.
  • Review and validate security configurations for critical systems (Active Directory, firewalls, servers, network devices).
  • Evaluate and provide actionable recommendations to enhance system security configurations across on-premises and cloud platforms.
  • Assess and improve the quality of security documentation, ensuring periodic technical assessments comply with governance requirements.
  • Review technical and administrative security controls to identify gaps and recommend remediation measures.
  • Collaborate with IT, compliance, and risk management teams to enhance security practices.
  • Assist in preparing management and audit reports and presentations.
  • Perform comprehensive assessments, configuration reviews, and documentation assessments to strengthen the organization's security posture.
  • Configure and manage vulnerability assessment tools and perform technical assessments across systems including Active Directory, firewalls, databases, and cloud platforms.

Desired Candidate Profile

Technical Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, or a related field.
  • Minimum of 10 years of experience in cybersecurity risk management, technical controls, or incident response.
  • Certifications such as:
      • Certified Information Systems Security Professional (CISSP)
      • Certified Ethical Hacker (CEH)
      • Certified Information Security Manager (CISM)
      • GIAC Security Essentials (GSEC)
      • Certified Cloud Security Professional (CCSP)
  • Strong technical expertise in:
      • Vulnerability management
      • SOC operations
      • Incident response

