GRC Program & ISO 27001: Lead day‑to‑day operation and continuous improvement of our ISO 27001–aligned Information Security Management System (ISMS), including policies, standards, and control procedures across the organization.
Policy, Standards, and Exception Management: Develop, maintain, and socialise information security policies, standards, and guidelines; manage exceptions, ensuring decisions are risk‑based, documented, and periodically reviewed.
Integrated Risk Management: Lead security risk and control assessments for new systems, services, and business initiatives, partnering with Security, IT, and business owners to identify threats, evaluate the design and operating effectiveness of controls, and document and track risk treatment plans. This includes evaluating AI/ML use cases (internal builds and third-party services) for security, data protection, and misuse risks.
Third‑Party Risk Management: Plan and execute third‑party risk assessments for suppliers and service providers, including review of third-party security questionnaires, trust documents, and remediation plans to ensure third-party security meets Cirrus Logic’s requirements.
Risk Analysis & Reporting: Analyze risks across technologies and business processes, prioritize remediation efforts based on business impact and likelihood, and prepare clear risk and control status reports for security leadership and key stakeholders.
GRC Tooling & Automation: Configure, administer, and optimize GRC tooling, such as ServiceNow GRC or OneTrust GRC, to support risk registers, control libraries, assessments, exceptions, and third-party workflows, including integration with IT and security platforms where appropriate.
Audit & Assessment Support: Coordinate and provide evidence for internal and external audits, customer security assessments, and certifications (e.g., ISO 27001, SOC‑related reviews), ensuring consistent, high‑quality responses.
Privacy & Regulatory Support: Partner with Legal, HR, and other stakeholders to identify and manage security‑related privacy and regulatory obligations; support privacy risk assessments and data protection controls as needed. Work with these stakeholders to assess privacy and data protection implications of AI/ML solutions, including data ingestion, training, and model outputs.
AI Risk & Governance: Define and maintain security and risk guardrails for the use of AI/ML technologies, including acceptable-use guidelines, control requirements, and review processes for new AI use cases and vendors.
Collaboration & Enablement: Act as a trusted advisor to the team members, IT, and business teams, helping translate security and risk requirements into practical, implementable solutions that align with engineering and operational realities. Partner closely with IT, engineering, and business teams to embed security, risk, and governance requirements into AI solution design and operations. Work effectively with a globally dispersed team across various time zones that Cirrus operates in.
Communication, Executive Presence & Awareness: Strong executive presence with outstanding written, verbal, and presentation skills. Ability to communicate complex risk, control, compliance, and program matters clearly and credibly to technical teams, business stakeholders, and executive leadership. Proven capability to develop high-quality executive-ready content, including presentations, briefings, and status updates that drive informed decision-making. Support and contribute to GRC awareness, communications, and training initiatives, including targeted awareness on the secure and responsible use of authorised AI tools.
