GRC Technical Expert

Cyber Risk Expert (Part-Time)

About the Role

We are looking for an experienced Cyber Risk Expert to support critical business and technology initiatives by identifying, assessing, and mitigating IT and cybersecurity risks from the earliest project stages.

This role sits at the intersection of Security Architecture, Cyber Risk Management, and Governance, Risk & Compliance (GRC). You will work closely with architects, engineering teams, product owners, and business stakeholders to ensure that strategic initiatives are secure, resilient, and compliant by design.

Working model: 3 days per week, including a minimum of 2 days onsite.

Key Responsibilities

Cyber Risk Assessments

• Perform security and risk assessments for critical and high-impact projects.
• Identify, analyze, and document cybersecurity risks throughout the project lifecycle.
• Define mitigation plans and track remediation activities.

Security Architecture Reviews

• Review technical architectures, cloud environments, APIs, integrations, and application designs.
• Assess security weaknesses and recommend appropriate controls.
• Apply Security-by-Design principles during project delivery.

Risk & Compliance

• Ensure alignment with security frameworks and regulatory requirements including:
• ISO 27001 / 27002 / 27005
• NIST Cybersecurity Framework
• NIS2 Directive
• GDPR
• Support risk governance processes and compliance initiatives.

Technical Security Analysis

• Analyze application and infrastructure risks using recognized methodologies.
• Assess vulnerabilities related to cloud services, APIs, microservices, identity management, and third-party integrations.
• Review security controls and identify gaps before production deployment.

Third-Party Risk Management

• Conduct security assessments of suppliers and external service providers.
• Review security requirements in contracts and technical solutions.

Stakeholder Management

• Facilitate workshops with architects, engineers, and business stakeholders.
• Translate technical risks into clear business impacts and recommendations.
• Present findings to management and steering committees.

Required Experience

• Minimum 5 years of experience in Cyber Security, Security Architecture, Cyber Risk, or GRC.
• Strong knowledge of:
• ISO 27001 / 27002 / 27005
• NIST
• NIS2
• OWASP methodologies
• Experience conducting technical security reviews and risk assessments.
• Strong understanding of:
• Cloud environments
• APIs and integrations
• Microservices architectures
• Identity and Access Management
• Experience working with cross-functional technical teams.
• Ability to communicate complex security concepts to both technical and non-technical audiences.
• Fluent English.

Preferred Backgrounds

• Cyber Risk Manager
• Security Architect
• Cyber Security Consultant
• Senior GRC Consultant
• Information Security Manager
• Security Governance Lead

Key Skills

Cyber Risk Management • Security Architecture • ISO 27001 • ISO 27005 • NIS2 • NIST • OWASP • Cloud Security • Application Security • Third-Party Risk • Security Assessments • Governance Risk & Compliance (GRC) • Security by Design • Stakeholder Management