GRC Principal

GRC Principal

Description -

Job Summary: We are seeking a highly skilled and experienced GRC Principal to join our team. The ideal candidate will have a deep understanding of the Factor Analysis of Information Risk (FAIR) model, the NIST Cybersecurity Framework (CSF), and be proficient in leveraging the SafeSecurity platform. With over 10 years of experience in Governance, Risk, and Compliance (GRC), with a strong emphasis on risk management, this individual will play a critical role in enhancing our GRC capabilities.

Key Responsibilities:

• Lead the development and implementation of cyber risk management strategies using the FAIR model and SafeSecurity platform.

• Conduct comprehensive risk assessments and quantify cyber risks in terms of loss magnitude and likelihood.

• Collaborate with cross-functional teams to identify, assess, and mitigate cyber risks.

• Provide expert guidance on GRC practices and ensure compliance with industry standards and regulations.

• Implement and integrate the NIST Cybersecurity Framework (CSF) into the organization's GRC practices.

• Develop strategies to align the organization's cybersecurity efforts with the NIST CSF, including identifying, protecting, detecting, responding, and recovering from cyber threats.

• Communicate risk findings and recommendations to senior leadership and stakeholders.

• Stay current with emerging cyber threats, vulnerabilities, and best practices in risk management.

Qualifications:

• Bachelor's degree in Information Security, Cybersecurity, Risk Management, or a related field. Advanced degree preferred.

• Minimum of 10 years of experience in GRC, with a strong emphasis on risk management.

• In-depth knowledge of the FAIR model and experience using the SafeSecurity platform.

• Proven track record of conducting risk assessments and developing risk mitigation strategies.

• Strong understanding of the NIST Cybersecurity Framework (CSF) and experience implementing it in GRC practices.

• Strong understanding of industry standards and regulations related to cybersecurity and risk management.

• Excellent analytical, problem-solving, and communication skills.

• Ability to work effectively in a fast-paced, dynamic environment.

Preferred Skills:

• Certifications such as CISSP, CISM, CRISC, or similar.

• Experience with other cyber risk management frameworks and tools.

• Strong leadership and project management skills.

Disclaimer
• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

Job -

Data & Information Technology

Schedule -

Full time

Shift -

No shift premium (United States of America)

Travel -

Relocation -

Equal Opportunity Employer (EEO) - 

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

If you’d like more information about HP’s EEO Policy or your EEO rights as an applicant under the law, please click here: Equal Employment Opportunity is the Law Equal Employment Opportunity is the Law – Supplement