Join to apply for the principal ii, grc. role at herbalife 4 days ago be among the first 25 applicants overview recruiter - lorena padilla position reports to: cressida l. Stearns work schedule: hybrid, going to the office in gdl for 3 days position summary the principal ii of governance risk and compliance (grc) acts as a technical expert, focusing on providing expertise, guidance, and support on grc management topics. This role supports continuous improvement of grc management methodologies, tools and processes to ensure proactive oversight and management of the technology risk landscape. How you would contribute 10 years experience to provide technical expertise on cybersecurity, it governance and risk management tools and processes act as subject matter expert (sme) on cybersecurity and it governance risk management best practices identify it and is control weaknesses, regulatory compliance issues, and potential areas of risk across all segments of technology drive continuous improvement initiatives and innovative solutions to enhance the effectiveness of grc processes mentor team members to understand grc management best practices, policies and procedures maintain current knowledge of applicable regulations and policies relevant to gdts lead the design, development and implementation of new grc tools, processes and best practices across tech projects and programs design and implement training programs to enhance the skills and knowledge of team members in grc conduct regular audits to ensure compliance with internal policies and external regulations, and address any identified gaps develop a cooperative environment that fosters knowledge sharing and technical growth provide guidance for technology teams for full end-to-end implications of decisions in area of expertise perform analysis on the vulnerability scan reports to facilitate the reporting of metrics to management create metrics reports and dashboards for leadership ensure all processes and practices comply with industry standards and regulatory requirements maintain clear and effective communication with stakeholders to ensure alignment and transparency in project goals and progress lead the teams to deliver on time with acceptable level of deviation build key metrics for grc, coordinating with technology and cyber security teams regular review and maintain the grc model to ensure it remains effective and relevant what's special about the team governance risk and compliance is a global team collaborating with it, cybersecurity, privacy, enterprise risk among other risk teams in the company, to manage technology risks and provide proactive risk solutions. Our vision is to provide risk information to support fact-based decision making, aligned with our enterprise strategy. Qualifications skills and background required to be successful: excellent written and verbal communication skills in english. Communicates effectively to both technical and executive audiences. Strong interpersonal and influencing skills strong understanding vulnerability management strong technical knowledge of cybersecurity expert level knowledge in grc policies, procedures, tools and best practices expert level understanding of it landscape to be able identify and articulate gaps from a risk management and service continuity perspective deep knowledge of governance, risk and compliance requirements for the business knowledge of industry best practice risk management methodologies, tools, and processes creative problem solving and innovation able to work effectively and collaborate with multi-disciplinary teams certificates / training (must have) ccsp - cert cloud security professional cisa - certified information systems auditor cissp - cert information systems security professional cism - cert inform sec manager ceh - cert ethical hacker oscp - offensive security certified professional osce - offensive security certified expert education required bachelor's in information technology or equivalent preferred advanced technical degree terms of use cookie policy privacy policy j-18808-ljbffr