🔐 Cyber GRC Lead

📍 Europe-based | Hybrid | Metals & Mining Industry

🕒 Full-time

About the Role

A leading organization in the metals and mining industry is seeking an experienced and motivated Cyber Governance, Risk, and Compliance (GRC) Lead to strengthen its enterprise-wide cybersecurity posture. This position plays a critical role in shaping cyber risk strategy, managing compliance initiatives, and ensuring operational readiness for audits and regulatory assessments.

As a Cyber GRC Lead, you will partner closely with cybersecurity, IT, internal audit, and business stakeholders to maintain robust risk management practices and regulatory compliance, especially across European operations.

Key Responsibilities

🔎 Cyber Risk Management

• Implement and support the enterprise cyber risk framework.
• Identify, assess, and track cyber risks and mitigation plans across the organization.
• Ensure risk reporting is consistent at both executive and operational levels.

📋 Audit Coordination

• Lead cybersecurity-related audit initiatives including maturity assessments and control framework testing.
• Coordinate evidence gathering and post-audit action plans with relevant teams.
• Ensure risk evaluation and define effective mitigation plans for findings.

🛠 Gap Remediation Oversight

• Monitor and drive remediation of identified cybersecurity gaps.
• Track and maintain up-to-date records of remediation efforts.
• Collaborate with CISOs, IT, and business units to resolve issues efficiently.

📜 External Compliance

• Support compliance with cybersecurity standards and regulations (e.g., TISAX, NIS2).
• Facilitate certifications and assessments with external bodies.
• Stay current with cybersecurity regulatory developments.

📑 Policies & Procedures

• Review and improve cybersecurity policies in collaboration with Group Risk & Compliance.
• Ensure processes align with legal and regulatory reporting obligations during cyber incidents.

📊 Reporting & Communication

• Prepare regular compliance and risk reports for senior leadership.
• Maintain clear documentation of activities, decisions, and compliance status.

Requirements

• Extensive experience in cybersecurity, including project management or CISO roles.
• At least 5 years in GRC-focused roles within cybersecurity.
• Strong familiarity with cyber risk and compliance frameworks: ISO 27001, NIST, NIS2, ISO 27005, FAIR, etc.
• Proven ability to manage cross-functional stakeholders.
• Experience with internal and external audits.
• Excellent communication, problem-solving, and analytical skills.
• Comfortable working in international and sensitive environments.
• Languages: Fluent in English; additional European languages (e.g., French, Spanish, Dutch, German, Polish) are a plus.
• Education: Master’s degree in Information Security, Computer Science, Risk Management, or a related field.

💼 Why Apply?

• Play a key leadership role in cyber risk and compliance for a major industrial player.
• Work at the intersection of technology, risk, and regulation.
• Be part of a globally collaborative and dynamic environment.