Cyber Security GRC Consultant

RINA is currently recruiting for a
Cyber Security GRC Consultant
to join its office in Shanghai, China within the
Digital Technology and Cybersecurity
Division.

Mission
The Cyber Security GRC Consultant focuses on contributing to the development, implementation, and maintenance of governance, risk, and compliance programs, ensuring that our organization and clients maintain robust information security and regulatory compliance.

Key Accountabilities
Consultancy and Advisory:

• Provide consultancy in governance, risk, compliance, and privacy to internal teams and clients.
• Contribute in developing and implementing GRC policies, procedures, and frameworks tailored to organizational needs.

Risk Analysis and Assessment:

• Conduct risk analyses and vulnerability assessments to identify potential threats and compliance gaps.
• Contribute to developing mitigation strategies and recommend solutions to address identified risks and vulnerabilities.

Compliance Implementation and Maintenance:

• Support the implementation and ongoing maintenance of compliance frameworks such as ISO 27001, GDPR, NIST Cybersecurity Framework, and CMMC requirements.
• Monitor regulatory changes and contribute to updating internal processes to ensure continuous compliance.

Collaboration and Training:

• Collaborate with cross-functional teams to ensure compliance with all relevant regulatory requirements.
• Provide advice, guidance, and training to employees on compliance best practices and the importance of adhering to security protocols.

Internal Audits and Corrective Actions:

• Conduct internal audits to evaluate the organization's level of compliance with established policies and frameworks.
• Recommend and contribute in the implementation of corrective actions to address any identified compliance issues.

Certification Support:

• Assist the organization in achieving and maintaining industry certifications by providing necessary support and documentation.
• Ensure ongoing adherence to certification requirements.

Pre-Sales and Project Scaling:

• Support pre-sales activities by providing technical expertise and developing proposals that meet client requirements.
• Assist in scaling projects, ensuring that compliance and security requirements are met throughout the project lifecycle.

Education
Bachelor's Degree in Information Systems or Cyber Security

Qualifications

• Professional certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer, or equivalent are highly desirable.
• 3 to 5 years of experience in governance, risk management, and compliance within the cybersecurity domain.
• Knowledge of relevant regulatory frameworks and standards (ISO 27001, GDPR, NIST Cybersecurity Framework, CMMC).
• Strong analytical skills and the ability to conduct thorough risk assessments and audits.
• Excellent communication and interpersonal skills, with the ability to provide clear guidance and training.
• Proven experience in collaborating with cross-functional teams and managing compliance projects.
• Ability to stay updated on the latest regulatory changes and industry trends.

Competencies

• ADDRESS THE WAY - Have a big picture of different situations and reinterpret it in a perspective way
• BUILD NETWORK - Forge trust relationships, across departments, and outside the organization
• CLIENT INTIMACY - Embrace internal and external client needs, expectations, and requirements to ensure maximum satisfaction
• EARN TRUST - Take everyone's opinion into account and remain open to diversity
• MAKE EFFECTIVE DECISIONS - Structure activities according to priorities, actions, resources and constraint
• PIONEER CHANGE - Actively embrace change and benefit from the new circumstances
• MANAGE EMOTIONS - Recognise one's and other's emotions and express and regulate one's reactions
• PROMOTE SUSTAINABLE DEVELOPMENT - Promote commitment by keeping promises as a Role Model
• THINK FORWARD - Capitalise on experiences and translate them into action plans for the future

RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.

At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We are also compliant to the Italian Law n. 68/99.