Official logo
Back to Careers

Senior Specialist, GRC

Job Brief

The Sr. Specialist GRC focuses on technology, cybersecurity, and information risk. This role ensures IT systems, infrastructure, and security controls align with regulatory requirements, industry standards, and internal policies. The specialist works closely with IT, Security, Engineering, and Audit teams to manage technology risks and support compliance initiatives.

Job Responsibilities

  • Develop and maintain IT policies, standards, and procedures
  • Support governance frameworks (e.g., ISO 27001, COBIT, NIST CSF, COSO)
  • Ensure alignment between business objectives, IT strategy, and security controls
  • Conduct IT and information security risk assessments
  • Evaluate technical controls across infrastructure, cloud, applications, and data
  • Support vulnerability management and control remediation tracking
  • Perform third-party IT and cybersecurity risk assessments
  • Support compliance with IT-focused regulations and standards (e.g., SOC2, ISO 27001, PCI DSS, SOX ITGCs, HIPAA Security Rules)
  • Coordinate IT audits and penetration testing activities
  • Collect, review, and maintain technical audit evidence
  • Monitor regulatory changes and assess business impact
  • Track remediation efforts and continuous improvement initiatives
  • Partner with IT Infrastructure, CyberSecurity, Technical/Application Support and DevOps teams
  • Prepare IT risk metrics, dashboards, and compliance reports
  • Support security awareness and control training initiatives

Job Qualifications

  • Bachelor’s degree in Information Systems, Risk Management, Business, Law, or a related field
  • 2+ years of experience in GRC, risk management, compliance, audit, or information security
  • Strong understanding of IT controls, cybersecurity principles, and system architecture
  • Experience with audits and regulatory examinations
  • Experience with cloud platforms and SaaS environments preferred
  • Excellent analytical, documentation, and communication skills
  • Experience in a regulated industry (PCI DSS, DPA, SOC2, etc.)
  • Risk assessment and control design
  • Regulatory and compliance analysis
  • Audit coordination and remediation management
  • Policy development and governance
  • Stakeholder communication and influence