GRC (Governance, Risk and Compliance) Specialist

• Provide input on compliance readiness in support of periodic risk assessments
• Where compliance initiatives may be at risk of meeting goals, contribute analysis to the Risk Register and be an active participant in whatever risk treatment is set in motion
• Contribute to executive reports to the Risk Committee
• Support external audit efforts by providing evidence pertaining to risk, policy and third-party governance
• Stay current with evolving regulatory compliance trends and report on them to Compliance Committee
• Core Knowledge
• Understanding of compliance frameworks and willingness to learn new ones
• Familiarity with the audit lifecycle and standards for evidence
• Foundational experience with IT systems and a wide range of technologies
• Understanding of relationship between administrative and technical controls
• Experience in a scripting or programming language to craft automations
• Skill in documenting
• Take a leadership role in the Internal Security Operations team as a compliance and audit expert
• Global Compliance program tracking and management
• Analyze and identify ways to convert manual compliance tasks, such as evidence collection, into automated solutions
• Author, edit and collaborate on internal policy efforts
• Support stakeholders by facilitating short-term documented exceptions to a standing policy
• Collaborate with risk analysts on performing internal audits or assessments
• Coordinate with external auditors and teams within the corporation to collect evidence for several audit initiatives
• Act as a subject matter expert answering prospective client questions about our security and compliance readiness
• Develop Disaster Recovery procedures for specific applications
• Advise and support security efforts, such as Business Continuity testing or the Business Impact Analysis, and ensure that they meet compliance and audit requirements
• During Incident Response, support the core team in researching compliance impact or other recordkeeping tasks during ongoing incidents
• Automate user access reviews and related security assurance activities and ensure that they meet compliance objectives
• Serve as the Quality Manager who facilitates ISO 9001 programs within the company
• Experience managing audits and third-party risk
• Pervasive sense of curiosity and drive to automate manual or tedious tasks
• Experience with, or an eagerness to learn, GRC and automation tools that help support work function
• Experience documenting complex situations in a way that conveys business impact
• Minimum of 6 years of experience in cybersecurity, risk or compliance
• Experience with ISO900 and SOC 2 compliance and audits

Disclaimer: The job location mentioned in this description is based on publicly available information or company headquarters. Candidates are advised to verify the exact job location directly with the employer before applying.