
Cyber security Architect

Marc Ellis

Saudi Arabia

On-site

USD 90,000 - 130,000

Full time

Yesterday

Job summary

A leading company in Saudi Arabia is seeking a Cybersecurity GRC Architect, responsible for developing governance frameworks and ensuring regulatory compliance. This role requires collaboration with technical teams and strategic leaders to enhance cybersecurity measures and foster a culture of risk awareness within the organization.

Qualifications

  • 8–10 years of hands-on experience in cybersecurity roles.
  • Strong familiarity with compliance requirements in regulated sectors.
  • Relevant certifications highly preferred, including CISSP, CISM.

Responsibilities

  • Develop and maintain cybersecurity governance models.
  • Conduct enterprise-wide risk assessments.
  • Monitor compliance with laws and regulations.

Skills

Cybersecurity frameworks knowledge
Risk analysis methodologies
Analytical skills
Effective communication
Decision-making

Education

Bachelor’s degree in Information Security, IT, or related discipline

Tools

Leading GRC platforms (e.g., Archer, ServiceNow GRC)

Job description

Position Overview

The Cybersecurity GRC (Governance, Risk, and Compliance) Architect is responsible for developing and executing governance frameworks, security policies, and risk management strategies to ensure organizational resilience and regulatory compliance. This role works closely with executive leadership and technical teams to embed security and compliance into enterprise processes and technologies. The architect also plays a key role in establishing a culture of risk awareness and continuous improvement in cybersecurity posture.

Core Responsibilities

Governance and Strategic Alignment

  • Develop and maintain cybersecurity governance models in line with industry regulations and organizational objectives.

  • Define and update security policies, standards, and procedures to address evolving threats and compliance needs.

  • Ensure adherence to recognized standards and frameworks such as ISO 27001, NIST, GDPR, and CMMC.

  • Support the development of security strategies that enable innovation while managing cyber risk.

Risk Management

  • Conduct enterprise-wide risk assessments to identify and evaluate cyber threats and vulnerabilities.

  • Design and oversee implementation of mitigation plans across departments.

  • Integrate risk management practices into business and IT workflows.

  • Assess vendor and third-party risk, recommending necessary controls and oversight mechanisms.

Compliance and Regulatory Oversight

  • Monitor compliance with laws, regulations, and frameworks such as HIPAA, PCI DSS, SOX, and regional data protection regulations.

  • Manage preparation for internal and external audits and lead the response to audit findings.

  • Develop mechanisms for tracking compliance metrics and generating stakeholder reports.

  • Continuously evaluate the impact of new regulatory requirements on business operations.

Security Architecture Collaboration

  • Partner with architecture and engineering teams to embed security requirements into system and infrastructure designs.

  • Guide the secure integration of technologies in cloud, on-premises, and hybrid environments.

  • Promote secure-by-design principles throughout the development lifecycle (SDLC).

  • Lead the adoption and deployment of GRC platforms for automation and visibility.

Awareness and Capability Building

  • Develop organization-wide training initiatives to build understanding of risk, compliance, and policy adherence.

  • Foster a proactive security culture through education and awareness campaigns.

  • Mentor junior team members and build internal GRC capabilities.

Required Qualifications

Technical Expertise

  • Strong familiarity with cybersecurity frameworks such as NIST CSF, ISO 27001, and COBIT.

  • Experience with leading GRC platforms (e.g., Archer, ServiceNow GRC, LogicGate).

  • Proficiency in risk analysis methodologies, including both qualitative and quantitative approaches.

  • Sound understanding of compliance requirements in regulated sectors (e.g., finance, healthcare).

  • Knowledge of cloud security models across SaaS, PaaS, and IaaS platforms.

Professional Competencies

  • Exceptional analytical and decision-making skills.

  • Effective communicator capable of translating technical concepts for executive and non-technical audiences.

  • Demonstrated ability to influence stakeholders and build consensus across business and technical domains.

Education and Certifications

  • Bachelor’s degree in Information Security, IT, or related discipline (or equivalent practical experience).

  • 8–10 years of hands-on experience in cybersecurity roles, with significant GRC exposure.

  • Relevant certifications highly preferred, including CISSP, CISM, CRISC, or CISA.

  • Additional privacy-focused certifications such as CIPP/US or CIPP/E are advantageous.

Preferred Qualifications

  • Experience supporting incident response and crisis management efforts.

  • Familiarity with compliance reporting tools and audit processes.

  • Understanding of cybersecurity for industrial environments, including OT and ICS systems.

Key Performance Indicators (KPIs)

  • Reduction in the number and severity of compliance violations.

  • Percentage of remediated high-risk issues within SLA.

  • Implementation speed and coverage of new security policies.

  • Measurable improvements in the maturity of GRC programs.
