GRC (Governance, Risk and Compliance) Specialist

6 years

18 - 24 Lacs

Posted: 3 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Contractual

Job Description

  • Provide input on compliance readiness in support of periodic risk assessments
  • Where compliance initiatives may be at risk of not meeting goals, contribute analysis to the Risk Register and be an active participant in whatever risk treatment is set in motion
  • Contribute to executive reports to the Risk Committee
  • Support external audit efforts by providing evidence pertaining to risk, policy and third-party governance
  • Stay current with evolving regulatory compliance trends and report on them to the Compliance Committee
  • Core Knowledge
  • Understanding of compliance frameworks and willingness to learn new ones
  • Familiarity with the audit lifecycle and standards for evidence
  • Foundational experience with IT systems and a wide range of technologies
  • Understanding of the relationship between administrative and technical controls
  • Experience in a scripting or programming language to craft automations
  • Skill in documenting
  • Take a leadership role in the Internal Security Operations team as a compliance and audit expert
  • Global Compliance program tracking and management
  • Analyze and identify ways to convert manual compliance tasks, such as evidence collection, into automated solutions
  • Author, edit and collaborate on internal policy efforts
  • Support stakeholders by facilitating short-term documented exceptions to a standing policy
  • Collaborate with risk analysts on performing internal audits or assessments
  • Coordinate with external auditors and teams within the corporation to collect evidence for several audit initiatives
  • Act as a subject matter expert answering prospective client questions about our security and compliance readiness
  • Develop Disaster Recovery procedures for specific applications
  • Advise and support security efforts, such as Business Continuity testing or the Business Impact Analysis, and ensure that they meet compliance and audit requirements
  • During Incident Response, support the core team in researching compliance impact or other recordkeeping tasks during ongoing incidents
  • Automate user access reviews and related security assurance activities and ensure that they meet compliance objectives
  • Serve as the Quality Manager who facilitates ISO 9001 programs within the company

Requirements

  • Experience managing audits and third-party risk
  • Pervasive sense of curiosity and drive to automate manual or tedious tasks
  • Experience with, or an eagerness to learn, GRC and automation tools that help support work function
  • Experience documenting complex situations in a way that conveys business impact
  • Minimum of 6 years of experience in cybersecurity, risk or compliance
  • Experience with ISO 9001 and SOC 2 compliance and audits

Preferred Qualifications:

  • Professional certifications such as CISA, CISM, CGEIT, CRISC, or CISSP
  • Experience with scripting, programming, and/or workflow automation
  • Experience with vendor governance and policy development
  • Experience managing the audit lifecycle and working with auditors
  • Experience managing a business impact assessment inventory or critical applications

ProArch

Information Technology & Services

Phoenix
