Governance, Risk & Compliance Team Lead

Responsibilities

  • Establish and lead a comprehensive Governance, Risk & Compliance (GRC) framework aligned with CBAR Information Security regulations, NIST CSF, and PCI DSS.
  • Develop, implement, and maintain information security policies, standards, and procedures.
  • Build and manage the information security risk register; ensure continuous risk identification, assessment, and mitigation tracking.
  • Define and oversee access management governance, including RBAC models, access matrices, segregation of duties, and periodic access recertification.
  • Lead vendor risk management processes: due-diligence, onboarding checks, contractual security clauses, and ongoing third-party monitoring.
  • Drive PCI DSS certification readiness and ensure continuous compliance for payment facilitator operations.
  • Coordinate internal, external, and regulatory audits, ensuring timely evidence collection, communication, and remediation tracking.
  • Lead data classification and protection initiatives for safeguarding sensitive and regulated information.
  • Develop, implement, and deliver security awareness and training programs across the organization.
  • Implement and maintain GRC dashboards and metrics for management reporting on compliance, control effectiveness, and risk posture.
  • Conduct periodic maturity assessments based on NIST CSF and develop a continuous improvement roadmap.

Requirements

  • Minimum 4 years of experience in Information Security, including 1 year in a GRC leadership or team lead role.
  • Hands-on experience implementing and managing compliance programs aligned with:
    • CBAR Information Security regulations
    • VISA/PCI DSS
    • NIST Cybersecurity Framework (CSF)
  • Strong expertise in access governance (RBAC, access recertification, privilege governance).
  • Experience in vendor/third-party risk management, including due-diligence, security assessments, and control monitoring.
  • Deep understanding of information security risk management methodologies; ability to maintain a full risk register and mitigation framework.
  • Practical experience with data classification, data protection, and privacy controls (DLP, CASB, etc.).
  • Proven ability to manage internal and external audits, evidence collection, and remediation follow-up.
  • Experience developing and delivering security awareness programs.
  • Strong analytical, communication, and stakeholder-management skills; ability to translate complex governance topics to both technical and business audiences.

Nice to have

  • Industry certifications such as CISM, CRISC, CISA, CISSP, ISO 27001 Lead Implementer/Auditor, or equivalent.

Conditions

  • One of the best business centers of Baku with spectacular sea view.
  • Career growth and professional development in a dynamically developing company.
  • Decent payment based on industry standards.
  • An exciting opportunity to shape the product, with leadership committed to open dialogue and a team of purpose-driven colleagues.
  • Unlimited Learning options: Access an array of learning opportunities to support your professional growth.
  • Medical Insurance: Full medical coverage from day one.
  • Corporate Mobile Number: Stay connected with a company-provided mobile number.
  • Exclusive Discounts: Access the DəyərliSən app for discounts across various services and products within the PASHA Group.
  • Sports & Wellness Programs: Enjoy discounted access to Push30 fitness and sports activities.