Job Title: Policies and Standards Authoring Expert - GRC
Location: Remote/Hybrid depending on company policy
Experience: 7-10 Years
Employment Type: Full-Time
Position Overview:
We are seeking a seasoned Policies and Standards Authoring Expert to lead the creation, revision, and governance of enterprise-wide Information Security and GRC-related documentation. This role demands a deep understanding of cybersecurity frameworks, regulatory compliance obligations, and IT governance models across multiple geographies.
The ideal candidate will bring 7-10 years of hands-on GRC experience, with demonstrated expertise in developing policies, standards, procedures, and guidelines that align with industry best practices and organizational risk tolerance.
Key Responsibilities:
- Author, review, and maintain a comprehensive library of information security, privacy, and IT governance policies and standards.
- Ensure all documentation aligns with leading frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, PCI DSS, HIPAA, DORA, and GDPR.
- Collaborate with legal, risk, privacy, audit, IT, and business teams to ensure policies are fit-for-purpose, legally defensible, and practically enforceable.
- Maintain a robust policy lifecycle governance process, including version control, approvals, and periodic review schedules.
- Develop accompanying procedures and guidelines to support policy adoption and operational integration.
- Lead internal reviews and gap assessments to benchmark policies against evolving regulatory or contractual requirements.
- Serve as subject matter expert on policy-related inquiries from internal stakeholders, regulators, and auditors.
Required Qualifications:
- 7-10 years of experience in Governance, Risk & Compliance (GRC), with a strong focus on policy and standards development.
- In-depth understanding of security and privacy regulatory frameworks, including but not limited to NIST, ISO, SOX, GDPR, HIPAA, and PCI DSS.
- Demonstrated expertise in writing formal governance documents for global or multinational enterprises.
- Excellent written communication skills, with proven ability to translate complex technical and legal content into clear, accessible policy language.
- Experience in policy management tools or document governance platforms (e.g., ServiceNow GRC, Archer, or SharePoint).
- Familiarity with organizational policy governance structures, risk ownership models, and compliance assurance practices.
Preferred Qualifications:
- Certifications such as CISA, CISM, CGEIT, CISSP, CRISC, or equivalent.
- Experience supporting regulatory audits or internal/external assessments related to policy compliance.
- Knowledge of cross-border regulatory differences between the US, UK, Canada, and the EU.
- Experience integrating policy frameworks with third-party risk, privacy, or secure software development standards.
Key Competencies:
- Precision-focused communicator with mastery in formal policy writing and editorial standards.
- Risk-aware strategist who understands how to balance security, compliance, and business flexibility.
- Strong collaboration and influence skills, able to align diverse stakeholder groups behind clear policy requirements.
- Highly organized and methodical, with a structured approach to policy lifecycle management and control mapping.
- Adaptive to regulatory change and evolving threat landscapes, with a mindset for continuous improvement.