Cybersecurity Governance, Risk & Compliance (GRC) Specialist at CENTRAL COUNTIES CENTER FOR MENTAL
Paris, Ile-de-France, France
Full Time


Start Date

Immediate

Expiry Date

20 Mar, 26

Salary

0.0

Posted On

20 Dec, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cybersecurity Governance, Risk Management, Compliance, NIST Cybersecurity Framework, ISO 27001, CIS Controls, MITRE ATT&CK, Risk Assessment, Regulatory Compliance, Audit Management, Policy Development, Vendor Risk Management, Security Awareness Training, Business Continuity, Disaster Recovery, Crisis Management

Industry

Software Development

Description
Cybersecurity Governance, Risk & Compliance (GRC) Specialist

Position Overview

We are seeking a Cybersecurity GRC Specialist to develop, implement, and manage comprehensive governance, risk, and compliance programs aligned with leading cybersecurity frameworks, including the NIST Cybersecurity Framework, ISO 27001/27002, MITRE ATT&CK, and the CIS Controls, to ensure the organization's security posture and regulatory compliance.

Key Responsibilities

Framework Implementation & Management
- Implement and maintain the NIST Cybersecurity Framework across organizational functions (Identify, Protect, Detect, Respond, Recover)
- Develop an ISO 27001/27002 Information Security Management System (ISMS) and manage the certification process
- Map organizational security controls to the CIS Controls and ensure implementation across all critical security functions
- Integrate the MITRE ATT&CK framework into threat modeling, risk assessment, and security control validation
- Establish governance structures, policies, and procedures aligned with multiple cybersecurity standards

Risk Assessment & Management
- Conduct comprehensive cybersecurity risk assessments and business impact analyses
- Develop risk treatment plans covering risk acceptance, mitigation, transfer, and avoidance strategies
- Maintain enterprise risk registers and ensure regular risk review and update processes
- Perform gap analyses against security frameworks and develop remediation roadmaps
- Create risk-based metrics and KPIs for executive reporting and board communications

Compliance & Audit Management
- Manage regulatory compliance programs including SOX, PCI-DSS, HIPAA, GDPR, and industry-specific requirements
- Coordinate internal and external security audits and manage remediation of audit findings
- Develop compliance monitoring programs and automated compliance reporting capabilities
- Maintain evidence collection and documentation to demonstrate compliance
- Support vendor risk assessments and third-party security evaluations

Policy & Governance Development
- Develop comprehensive cybersecurity policies, standards, and procedures aligned with business objectives
- Establish security governance committees and risk management oversight structures
- Create security awareness training programs and ensure organization-wide policy compliance
- Manage the policy lifecycle, including review, approval, communication, and periodic updates
- Coordinate cross-functional collaboration for security program implementation

Required Qualifications

Technical Skills
- 5+ years of experience in cybersecurity governance, risk management, or compliance roles
- Expert knowledge of the NIST Cybersecurity Framework, ISO 27001/27002, CIS Controls, and MITRE ATT&CK
- Strong understanding of regulatory requirements (SOX, PCI-DSS, HIPAA, GDPR) and compliance methodologies
- Experience with GRC platforms (ServiceNow GRC, RSA Archer, MetricStream) and risk management tools
- Knowledge of security control frameworks and security architecture principles
- Proficiency in risk assessment methodologies and quantitative risk analysis techniques

Governance Skills
- Proven experience developing and implementing enterprise security governance programs
- Strong understanding of business continuity, disaster recovery, and crisis management
- Experience with vendor risk management and third-party security assessments
- Knowledge of board reporting and executive communication on cybersecurity topics

Preferred Qualifications
- Bachelor's degree in Cybersecurity, Risk Management, Business Administration, or a related field
- Professional certifications (CISSP, CISA, CRISC, CISM, ISO 27001 Lead Auditor)
- Experience with cloud compliance frameworks (SOC 2, FedRAMP, CSA CCM)
- Background in internal audit or external consulting for cybersecurity assessments
- Knowledge of emerging regulations and privacy frameworks
Responsibilities
The Cybersecurity GRC Specialist will develop, implement, and manage governance, risk, and compliance programs aligned with leading cybersecurity frameworks. Key responsibilities include conducting risk assessments, managing compliance programs, and developing cybersecurity policies.