GRC Lead
E-Solutions - Cleveland, OH
Job Description
About the client: Our client is a global technology consulting and digital solutions company that enables enterprises across industries to reimagine business models, accelerate innovation, and maximize growth by harnessing digital technologies. As a digital transformation partner to more than 700 clients, our client brings extensive domain and technology expertise to help drive superior competitive differentiation, customer experiences, and business outcomes in a converging world. It is powered by nearly 90,000 talented and entrepreneurial professionals across more than 30 countries.

Role: GRC Lead
Location: Cleveland, OH
Job Type: FTE

Our client seeks an experienced Governance, Risk and Compliance (GRC) Lead to serve onsite as the primary cybersecurity governance point of contact. This role will oversee the GRC program, interface with the CISO, coordinate with offshore delivery, and drive measurable maturity uplift aligned to NIST CSF 2.0 and other standards. The lead will ensure governance across all cybersecurity domains (policy, risk, assurance and technical tracks) while maintaining strong stakeholder engagement.

Key Responsibilities
- Program Leadership and Stakeholder Management: Act as the onsite GRC owner, working closely with the CISO's team and facilitating governance forums, risk reviews and executive updates. Navigate complex stakeholder conversations and maintain trust-based relationships with senior leaders.
- Framework Alignment and Control Governance: Map the customer's policies and controls to NIST CSF 2.0; define target tiers and evidence expectations. Maintain the control library, RACI and attestation processes for audits and compliance.
- Risk Management: Operate the risk register, drive prioritization and remediation timelines, and escalate material risks.
- Third-Party Risk: Assess vendor risk posture, review contracts for compliance obligations, and track remediation.
- Compliance Management and Testing: Lead internal control testing and pre-audit readiness; support external audits with complete evidence packs. Ensure compliance with ISO 27001, SOC 2, GDPR and other regulatory frameworks.

Cybersecurity Tracks (Brief Coverage)
- Network Security: Governance of segmentation, firewall rules and monitoring.
- Endpoint and Vulnerability Management: Patching, hardening and drift reporting.
- Cloud and Application Security: Compliance for SaaS/IaaS and secure SDLC practices.
- Data Protection and Privacy: Encryption, retention and regulatory alignment.
- Identity and Access Management: Governance of JML (joiner/mover/leaver), RBAC and privileged access.
- Incident Response and Resilience: Playbooks, tabletop exercises and recovery readiness.
- CISO Dashboards and Reporting: Develop and publish dashboards for executive visibility on risk posture, compliance status and audit readiness.
- Cybersecurity Awareness and Training: Drive awareness programs and targeted training for control owners and employees to strengthen security culture.

Operating Model
- Offshore Coordination: Work with offshore teams to plan sprints, assign actions and publish governance scorecards.
- Policy Lifecycle and Awareness: Maintain the policy lifecycle and drive awareness among control owners.

Outcomes and KPIs
- Achieve uplift against the customer's NIST CSF 2.0 baseline by closing gaps in documented processes and evidence.
- Closure of high-risk findings with approved remediation plans.
- Green audit readiness status for scoped audits.
- Timely delivery of CISO dashboards and governance reports.

Required Qualifications
- Cybersecurity experience leading GRC programs.
- Expertise in NIST CSF 2.0, ISO 27001, SOC 2 and CIS Benchmarks.
- Strong stakeholder management and audit/assurance experience.
- Familiarity with third-party risk frameworks and compliance testing.

Preferred Experience
- Certifications such as CISSP, CISM or CRISC are highly desirable.

Skills
Mandatory Skills: GRC, Risk Assessment
Created: 2026-03-04