grc analyst

TITAN Cement Group is looking for a high-caliber professional to assume the GRC Analyst role, who will play a vital role in strengthening the organization's Cyber Security Governance, Risk, and Compliance posture by designing, managing and monitoring the implementation of key frameworks for cybersecurity and information risk management and compliance.

The job holder will help align information and cyber security practices with organizational goals, regulatory standards, and evolving technological advancements.

The position is based in Athens, Greece.

Responsibilities

The role is required to:

Information / Cyber Security Risk Management:

• Design, Implement, maintain and monitor the Information/Cyber Security Risk Management Framework, aligning it with organizational goals and compliance requirements.
• Conduct risk assessments and risk reviews across different business units, information assets and processes, documenting findings and collaborating with teams to remediate identified risks.

Information / Cyber Security Risk Management Framework Monitoring:

• Collaborate with the Cyber Security Risk Management leadership to identify and define meaningful KPIs and KRIs related to risk management, third-party security, compliance, and cybersecurity culture.
• Monitor and report on Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the effectiveness of risk mitigation efforts, third-party risk assessments, as well as compliance initiatives, user awareness programs, etc., ensuring alignment with organizational goals and regulatory requirements.

Vendor Risk Management:

• Support the Third-Party Risk Management Program, conducting risk assessments on vendors and third parties to ensure they meet the organization’s security standards.
• Collaborate with procurement, legal, and business units to integrate security requirements into the vendor selection and contracting process.

Cybersecurity Compliance and AI-Related Frameworks:

• Ensure compliance with cybersecurity regulations, industry standards, and internal policies, aligning with frameworks such as ISO 27001, NIST, and SOX.
• Collaborate with data science teams to oversee compliance with AI-related frameworks, ensuring responsible AI use and integrating security controls in AI/ML projects.

Cybersecurity Culture and User Awareness Framework:

• Support development and implementation of a comprehensive Cybersecurity User Awareness Framework to educate employees on cybersecurity best practices and organization-specific policies.
• Support Cybersecurity Ambassadors program, engaging representatives from various departments to promote a proactive cybersecurity culture and foster peer learning.
• Collaborate in creation and distribution of awareness material to keep staff informed about emerging threats, security policies, and risk mitigation techniques.

Qualifications

What you will bring along:

• Bachelor's degree in Technical Studies, Computer Science, Information Security, Cybersecurity, or related field.
• 3-5 years of working experience in GRC roles, with proven experience in cyber risk management, or related fields, with hands-on experience in risk and vulnerability management and vendor risk assessment.
• Solid understanding of risk management principles and frameworks, particularly in cyber risk and organizational risk contexts.
• Familiarity with third-party risk management frameworks and vendor evaluation processes, including risk assessments, due diligence, and monitoring.
• Knowledge of cybersecurity and standards (ISO 27001, NIST) affecting compliance programs.
• Familiarity with responsible AI frameworks and guidelines, with experience working cross-functionally to ensure compliance with AI projects.
• Experience in developing and delivering cybersecurity awareness programs, including creating materials and conducting training sessions for various audiences.
• Fluency in English is a pre-requisite.