Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms.
Saronic is seeking a talented and organized Cybersecurity Governance, Risk, and Compliance (GRC) Lead, this role is responsible for developing and managing the cybersecurity governance, risk, and compliance program. This role ensures the organization adheres to internal policies, regulatory requirements, and industry standards. The GRC Lead will work closely with various teams to assess risks, monitor compliance, and implement governance frameworks to enhance the company’s overall cybersecurity posture. As the GRC Lead for Security, you will play a critical role in protecting Saronic from and mitigating risks to our groundbreaking autonomous surface vessel technology.
Key Responsibilities
- Governance and Policy Development:
- Develop, implement, and maintain cybersecurity policies, procedures, and standards that align with industry best practices and regulatory requirements.
- Establish and maintain cybersecurity governance frameworks to ensure accountability and effective oversight across the organization.
- Collaborate with key stakeholders, including IT, legal, and business leaders, to ensure policies are communicated and enforced organization wide.
- Risk Management:
- Lead the cybersecurity risk management program by identifying, assessing, and prioritizing risks to the organization’s assets and operations.
- Perform risk assessments to evaluate the organization’s risk exposure, including potential vulnerabilities, threats, and the impact of non-compliance with security regulations.
- Develop risk mitigation strategies and recommend controls to reduce or eliminate cybersecurity risks.
- Compliance and Regulatory Adherence:
- Ensure compliance with regulatory requirements such as NIST 800-171, NIST 800-53, CMMC, ISO 27001, ITAR, EAR, GDPR, and other applicable frameworks.
- Monitor and manage internal and external cybersecurity audits, ensuring that the organization addresses audit findings and implements corrective actions.
- Track changes in relevant laws, regulations, and industry standards to ensure the organization’s cybersecurity posture remains compliant.
- Audit and Assessment:
- Lead and coordinate internal and external audits, including readiness assessments, vulnerability assessments, and certification processes.
- Work closely with external auditors and consultants to ensure successful audit outcomes and remediate any findings or gaps identified.
- Regularly assess the effectiveness of security controls and make recommendations for improvements.
- Incident Response and Reporting:
- Collaborate with the incident response team to ensure that governance and compliance aspects are integrated into the response process.
- Ensure that all cybersecurity incidents are reported accurately and in compliance with regulatory requirements.
- Assist in root cause analysis of incidents and ensure proper documentation and follow-up actions are completed.
- Training and Awareness:
- Develop and manage cybersecurity awareness programs to educate employees on the importance of GRC and their role in maintaining compliance.
- Conduct regular training sessions on cybersecurity policies, data protection regulations, and risk management best practices.
- Ensure that leadership and relevant teams are educated on regulatory requirements and the organization’s risk posture.
- Third-Party Risk Management:
- Manage the cybersecurity aspects of the third-party risk management program, ensuring that vendors and partners comply with the organization’s security and privacy standards.
- Conduct security assessments of third-party vendors and partners to identify and mitigate potential risks to the organization.
- Review contracts and security agreements to ensure third-party compliance with relevant cybersecurity regulations.
- Metrics and Reporting:
- Develop and track key performance indicators (KPIs) and metrics related to cybersecurity governance, risk, and compliance.
- Provide regular reports to senior leadership on the organization’s risk posture, compliance status, and any emerging threats.
- Present audit findings, compliance gaps, and risk management updates to stakeholders in a clear and actionable format.
- Collaboration and Stakeholder Management:
- Work closely with IT, legal, HR, and other business units to align cybersecurity initiatives with broader organizational goals.
- Collaborate with external regulatory bodies and industry partners to stay informed of emerging trends and requirements in cybersecurity GRC.
- Act as a subject matter expert (SME) for cybersecurity governance, risk management, and compliance across the organization.
Qualifications
- Bachelor's degree in IT, Security or equivalent experience
- 5+ years experience in Cybersecurity GRC, preferably in the technology or defense industry.
- Strong time management skills, with the ability to multitask and meet tight deadlines.
- Excellent communication and interpersonal skills, including experience engaging with executive leadership.
- Attention to detail and a commitment to quality.
- Proficiency in Cybersecurity GRC software and tools.
Benefits
- Medical Insurance: Comprehensive health insurance plans covering a range of services
- Saronic pays 100% of the premium for employees and 80% for dependents
- Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
- Saronic pays 99% of the premium for employees and 80% for dependents
- Time Off: Generous PTO and Holidays
- Parental Leave: Paid maternity and paternity leave to support new parents
- Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
- Retirement Plan: 401(k) plan
- Stock Options: Equity options to give employees a stake in the company’s success
- Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
- Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office
Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.