Job Description

Pomelo Care is seeking a Director of Information Security Governance, Risk and Compliance (GRC) to lead the security team's risk management efforts, ensure compliance with relevant laws and regulations, and contribute to the development of the organization's overall security strategy. This role involves collaborating with key stakeholders, understanding regulatory requirements, and implementing effective security strategies to safeguard the organization.

Responsibilities

• Develop and maintain an information security governance framework
• Establish and enforce security policies, standards, and procedures
• Conduct risk assessments to identify and evaluate security risks
• Develop and implement risk mitigation strategies and action plans
• Ensure compliance with relevant laws, regulations, and industry standards
• Contribute to the development of the organization's overall security strategy
• Oversee the development and delivery of security awareness programs
• Assess and manage security risks associated with third-party vendors
• Provide regular updates and reports on security, risk, and compliance to senior management
• Build, recruit, lead and manage a team of security professionals
• Identify opportunities for process improvement within the security GRC function

Requirements

• 9+ years experience in information security (or 6 years experience and relevant bachelor’s degree), with a focus on GRC
• Strong understanding of governance, risk management, and compliance frameworks
• Experience in collaborating with and influencing key stakeholders
• Strong technical background including full stack software development, system architecture and security fundamentals
• Relevant certifications (e.g. CISSP, CISM) required
• Exceptional communication skills and the ability to convey complex security concepts to non-technical stakeholders

Benefits

• No benefits