What are the responsibilities and job description for the GRC-Lead position at ONX?
About ONX Homes:
ONX Homes is an integrated Design Tech company on a mission to reshape the home building industry. Founded by construction experts, design thinkers, and technology leaders, we utilize human-centric design, environmentally conscious materials, and offsite manufacturing technology to create beautiful homes and sustainable communities. We partner with landowners and leverage our unique vertically integrated capabilities and advanced offsite construction facilities to build and deliver sustainable, high-quality homes in half the time of onsite construction.
GRC Lead Job Description :
ONX Homes India Pvt Ltd is seeking a GRC Lead for our Global IT operations. This is an excellent opportunity for a person with outstanding communication skills, a cybersecurity background, and strong experience in governance, risk management and compliance management.
In your role as a GRC Lead, you are responsible for assessing and managing the organization's governance, risk, and compliance (GRC) landscape: identifying potential risks, ensuring adherence to regulatory requirements, developing mitigation strategies, and reporting on compliance status, with a focus on the company's information security controls. Essentially, you act as a bridge between security practices and regulatory compliance.
You will be part of the support function, which is responsible for Global IT Technical Support, Vendor Management, Asset Management, IT Procurement, and IT Project Management.
This position will also oversee the management of ONX customer (internal and external) data and the compliance associated with our manufacturing factory equipment and operations at the Homestead, Pompano Beach, and Georgetown factories.
This description reflects the core activities of the role but is not intended to be all-inclusive. Other duties within the group/department and in other locations may be required, and the emphasis of duties may change from time to time. The candidate holding this position is expected to recognize this and adopt a flexible approach to work.
Key Responsibilities of a GRC Lead:
Data Classification:
Understand the organization's data landscape (internal and external customer data) and perform data classification. Support the IT team in establishing a controlled environment and implementing DLP based on that data classification. Assist with evaluating the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.
Risk Assessment:
Conduct regular risk assessments to identify and prioritize potential security risks across the organization, including data breaches, system vulnerabilities, and non-compliance issues.
Compliance Monitoring:
Monitor compliance with relevant regulations, industry standards such as ISO 27001, GDPR, and NIST SP 800-53, and internal policies by reviewing procedures and conducting control testing. Update security controls and support all stakeholders on security controls covering internal assessments, regulations, protection of Personally Identifiable Information (PII), and the Payment Card Industry Data Security Standard (PCI DSS).
Control Gap Analysis:
Identify gaps in existing controls and recommend remediation actions to address identified risks and ensure compliance.
Policy Development:
Contribute to the development and maintenance of security policies and procedures to mitigate risks and promote compliance. Manage an exception review and approval process, and ensure that exceptions are documented and periodically reviewed.
Incident Response:
Assist in incident response activities by analyzing security incidents, identifying root causes, and coordinating remediation efforts.
Reporting and Analysis:
Generate reports on risk assessments, compliance status, and key performance indicators (KPIs) to communicate findings to management and stakeholders.
Auditing Support:
Collaborate with internal and external auditors by providing documentation and supporting evidence for compliance audits.
Stakeholder Management:
Communicate effectively with different departments within the organization to ensure understanding of GRC requirements and promote a culture of compliance.
Required Skills and Qualifications:
Technical Knowledge:
Understanding of information security concepts, network infrastructure, system administration, and cybersecurity best practices.
Compliance Expertise:
Familiarity with relevant regulations and industry standards related to data privacy, financial reporting, and cybersecurity.
Analytical Skills:
Ability to analyze complex data, identify trends, and assess potential risks. Develop reporting metrics, dashboards, and evidence artifacts.
Communication Skills:
Excellent written and verbal communication skills to effectively present findings and recommendations to stakeholders.
Attention to Detail:
Meticulous attention to detail to ensure accuracy in compliance assessments and reporting.
Work Environment:
Work is performed in an office environment using standard information technology equipment combined with specialized information security products.
Working conditions may require various shifts and/or weekends to support incident response operations, business continuity plans, or disaster recovery operations.
There is occasional travel between campuses or to off-site meetings.
Minimum Qualifications:
Associate’s degree in computer information systems or related discipline.
Minimum 10 years of applied work experience in cybersecurity programs, audits, assessments, risk, remediation, or cybersecurity compliance management.
Relevant Certifications:
Certified Information Systems Auditor (CISA) / Certified in Risk and Information Systems Control (CRISC)
If this sounds like you, you should apply right away so we can discuss how you can be a part of this exciting, fast-paced organization!
ONX is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.