Cyber Security Reporting and Governance Lead

Job Title: Governance and Reporting lead

Job Type: Full Time

Department: Cybersecurity Reports to: GRC Manager

Job Summary: This role ensures that cybersecurity policies, frameworks, and regulatory requirements are effectively implemented and reported. The individual will drive cybersecurity reporting, ensure governance is implemented throughout the organisation and compliance with policy and relevant legislations is achieved.

Key Responsibilities:

•Mature the current cybersecurity performance indicators (KPIs) and reporting structures to measure security effectiveness.

•Establish key cyber security performance indicators and reporting structures for vendors to measure their security effectiveness.

•Collaborate with internal and external stakeholders to ensure adherence to cybersecurity policies and compliance requirements.

•Draft and publish new cyber policies where needed.

•Conduct cybersecurity risk assessments to identify and mitigate security threats.

•Lead security audits and assessments both internal and externally with suppliers, ensuring gaps are identified and remediated.

•Develop, implement, and monitor cybersecurity controls to safeguard critical assets.

•Develop and present cybersecurity reports, dashboards, and metrics to senior management and key stakeholders.

•Ensure timely and accurate reporting on cybersecurity risk, incidents, and regulatory compliance.

•Support regulatory and board-level reporting requirements by providing cybersecurity insights and updates.

•Stay up to date with emerging cybersecurity threats, regulatory changes, and industry trends.

Required Qualifications and Experience:

•Bachelor's or Master’s degree in Risk management, Cybersecurity, Business Information Systems, or a related field.

•Relevant certifications (e.g., CISM, CISA, CISSP, CRISC) are a plus.

•Minimum 5 years of experience in cybersecurity governance, risk management, and compliance.

•Experience consolidating and generating reports from various sources

•Strong knowledge of cybersecurity regulations, frameworks, and best practices.

•Experience with security audits, risk assessments, and compliance reporting

•Excellent analytical, communication, and stakeholder management skills.

•Ability to work independently and collaborate across multidisciplinary teams