Senior GRC Specialist

Velsera
Remote India, United States Full-time 🌐 English
Experience: Senior
Added to JobCollate: March 24, 2026

AI Summary Powered by Gemini

Velsera is seeking a Senior GRC Specialist to develop and maintain information security policies and manage the Information Security Management System, aligning with ISO 27001. This remote, full-time role requires 8+ years of experience in Information Security GRC, with a strong focus on risk management and compliance, making it an excellent opportunity for seasoned professionals.

Job Description

Velsera is hiring a Senior GRC Specialist to develop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framework. The ideal candidate will have 8+ years of progressive experience in Information Security GRC, with a focus on risk management, compliance, and governance.

Requirements

- Develop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framework
- Lead, manage, and mature the organization's Information Security Management System, including risk treatment, internal audits, and readiness for external certification audits
- Serve as the subject matter expert (SME) for Security and Privacy Rules, ensuring compliance for all systems, processes, and applications handling PII and Protected Health Information (PHI)
- Conduct continuous monitoring and evidence collection to demonstrate compliance with relevant frameworks
- Plan, conduct, and manage internal and supplier audits
- Plan GRC activities, prioritise them, and implement them in a timebound manner
- Perform detailed security risk assessments and gap analyses on new and existing systems, with a focus on cloud infrastructure
- Collaborate with Product, Technology, IT and Security teams to implement security controls into cloud / infra / environments, ensuring compliance
- Review risk mitigations periodically and track remediation efforts to closure
- Conduct third-party vendor risk assessments, focusing on their adherence to required compliance standards
- Develop and deliver targeted security awareness and training programs focused on HIPAA and ISO 27001 requirements for all staff, including technical teams
- Evaluate and recommend new security technologies and processes to enhance the compliance and risk posture
- Stay current on emerging cloud security threats, regulatory changes, and updates to the ISO 27001 family of standards and HIPAA

Benefits

- Flexible Work & Time Off
- Health & Well-being
- Growth & Learning
- Recognition & Rewards
- Engaging & Fun Work Culture

Originally posted on Himalayas

Required Skills

Senior-Governance-Risk-And-Compliance-Specialist Compliance-&-Security-Sr.-Specialist Senior-GRC-Consultant Lead-GRC-Technology-Specialist