Implement and drive activities related to technology risk reduction, governance, and compliance with policies and external regulatory compliance.
Evaluate IT risks and develop risk mitigation strategies and corrective actions.
Provide recommendations to improve organizational security posture through process improvement, policy automation, and continuous evolution of capabilities.
Document and report on security gaps and provide remediation guidance, prepare management reports, and track remediation activities.
Conduct risk and exception assessments by assessing multiple inputs from internal/external sources
Conduct due diligence assessments on third-party vendors using supply chain risk management practices.
Implement effective processes within the GRC function to automate and continuously monitor information security controls, exceptions, risk reporting metrics, dashboards, and evidence artifacts.
Interviewing various stakeholders across the organization to determine security controls implementation and effectiveness by collecting and analyzing evidence documenting findings and tracking to closure.
