GRC Lead - IT Risk Management & Compliance
Macpower Digital Assets Edge - Cupertino, CA
Apply NowJob Description
Job Overview: We are looking for an experienced GRC Lead with 8+ years of expertise in IT Risk Management, Audit, and Compliance. The ideal candidate should have a strong understanding of ISO 27001, NIST 800-53, vendor security assessments, and cloud security controls. Key Responsibilities: Lead IT Risk Management, Audit, and Compliance efforts. Implement ISO 27K controls annexures and strategies. Conduct IT security assessments, including audits, vulnerability scanning, and policy reviews. Perform third-party security risk assessments based on ISO 27001 and NIST 800-53. Review supplier technical documentation and vendor security controls. Identify and measure risks associated with vendor security. Document and track risks and recommendations for vendor security gaps. Coordinate and perform vendor security reviews. Ensure compliance with cloud-based technologies (IaaS, SaaS) and data protection requirements. ssess business and security risks across multiple global geographies and suppliers. Perform security audits against published standards. Maintain strong customer service and attention to detail. Work independently, setting goals and priorities. Must-Have Skills: 7+ years of experience in Cyber Security, GRC, and Data Security. Strong expertise in ISO 27001 and NIST 800-53 for third-party security risk assessments. Experience in identifying and measuring vendor security risks. Deep understanding of ISO 27K controls annexures and implementation strategies. Strong background in IT Risk Management, Audit, and Compliance. Excellent communication skills to work with technical and non-technical teams. Preferred Qualifications: ISO 27001 LA/LI certification. Bachelor's degree in Computer Science, Information Security, or a related field. Minimum two years of recent experience in information systems audit or security reviews. Strong problem-solving and analytical skills.
Created: 2026-03-10