Full-Time | Remote | US Eastern Standard Time
We are seeking a highly skilled GRC/Cybersecurity Product Owner with a strong background in IT governance, risk, and compliance (GRC) and cybersecurity. The ideal candidate is a practitioner with hands-on experience in cybersecurity frameworks and regulatory compliance, who also possesses the ability to bridge the gap between technical and business requirements.
This person must be able to translate complex cybersecurity and compliance requirements into clear, actionable technical specifications while also simplifying technical details into layman’s terms for stakeholders. The candidate must have a strong technical understanding of security automation, risk management solutions, and cybersecurity processes.
Responsibilities:
- Define and manage the product backlog for cybersecurity and GRC solutions, prioritizing automation and efficiency
- Translate cybersecurity and compliance frameworks into actionable requirements that technical teams can implement.
- Work closely with cybersecurity practitioners to ensure product alignment with security frameworks and regulatory requirements.
- Develop and document detailed business and functional requirements, focusing on process improvement and security automation opportunities.
- Conduct detailed process mapping, data flow diagrams, and workflow documentation to enhance security and compliance solutions.
- Serve as a bridge between security teams, developers, and business stakeholders, ensuring clarity and alignment in project objectives.
- Translate technical security and compliance requirements into language that is easily understood by non-technical stakeholders.
- Identify and recommend security automation strategies to improve risk assessments, audits, and compliance reporting.
- Lead Agile product development efforts, ensuring adherence to SDLC best practices and iterative deployment methodologies.
- Evaluate and improve existing cybersecurity workflows to increase efficiency and scalability.
- Stay up-to-date with emerging cybersecurity frameworks, threats, and industry best practices.
- Act as both Scrum Master and Product Owner, facilitating Agile ceremonies and ensuring team adherence to Agile principles.
Qualifications:
- Strong background as a cybersecurity or GRC practitioner, with deep understanding of compliance frameworks (e.g., NIST, ISO 27001, SOC 2, PCI-DSS, HIPAA, FedRAMP, CMMC, GDPR) and practical experience as an IT compliance auditor or cybersecurity practitioner
- Product management skills: Ability to define and manage product backlogs, prioritize features, and translate business needs into technical requirements
- Technical proficiency: Familiarity with IT compliance software tools (e.g., Drata, Vanta) and security automation platforms, compliance tooling, and risk management solutions.
- Software development knowledge: Understanding of software engineering principles and experience working with development teams
- Ability to translate business needs into technical requirements and proven experience defining business requirements, process flows, and workflow documentation
- Hands-on experience with Agile methodologies, backlog grooming, sprint planning, and iterative development. Understanding of Agile principles and experience in Scrum Master and Product Owner roles.
- Problem-solving and critical thinking: Ability to analyze complex situations, think creatively, and develop innovative solutions.
- Excellent communication skills to interact with both technical teams (engineers, architects, developers) and business stakeholders.
- Documentation skills: Proficiency in creating detailed process flows, data flow diagrams, and business requirements
- Adaptability and continuous learning: Willingness to stay updated on emerging cybersecurity frameworks, threats, and industry best practices.



