
GRC Specialist – Governance, Risk, Compliance
BCM One
full-time
Location Type: Hybrid
Location: Philadelphia • Missouri, New York, Pennsylvania, Virginia • 🇺🇸 United States
Job Level
Mid-Level, Senior
Tech Stack
ITSM, ServiceNow
About the role
- Maintain credentials at 100% pass rate
- Support the development, implementation, and maintenance of GRC frameworks (e.g., ISO 27001, SOC 2, GDPR, Cyber Essentials Plus)
- Conduct periodic risk assessments, control testing, and compliance monitoring across ITSM processes
- Assist in internal and external security/compliance audits by preparing evidence, reports, and remediation plans
- Maintain documentation of policies, procedures, and controls in alignment with global standards and regulatory requirements
- Administer and enhance ITSM platforms (e.g., ServiceNow, Jira Service Management) to ensure effective incident, problem, change, and request management processes
- Monitor and report on ITSM KPIs, SLAs, and OLAs to identify trends, risks, and opportunities for improvement
- Support change management processes to ensure security, compliance, and minimal operational disruption
- Collaborate with IT operations and security teams to ensure alignment between IT service delivery and compliance requirements
- Act as a liaison between IT, Security, and Compliance teams to ensure service delivery aligns with regulatory and contractual obligations
- Provide training and awareness sessions for ITSM and compliance best practices
- Recommend and implement process improvements to reduce risk and enhance efficiency in service delivery
Requirements
- Strong understanding of ITIL processes (incident, problem, change, request, asset/configuration management)
- Knowledge of GRC frameworks such as ISO 27001, SOC 2, NIST
- Experience with audits and compliance support
- Ability to identify, assess, and prioritize risks within the company
- Skilled in establishing and analyzing KPIs/SLAs/OLAs to monitor service quality and compliance performance
- Skilled at streamlining workflows and improving efficiency while maintaining compliance
- Keen attention to detail, ensuring accuracy in compliance documentation, service records, and audits
- Comfortable working cross-functionally with security, IT operations, compliance, and business teams across multiple geographies
- Ability to explain technical and compliance concepts to non-technical audiences
- Experience building relationships and trust with internal and external stakeholders
- Thrives in a fast-paced, globally distributed environment with changing priorities
- A proactive mindset
- Required: 5+ years of combined experience in IT Service Management and Governance, Risk & Compliance within a global enterprise
- Working knowledge of compliance frameworks such as ISO 27001, SOC 2, GDPR, NIST or similar
- Experience preparing for and supporting internal and external audits
- Ability to analyze service metrics, identify trends, and recommend process improvements
- Strong communication skills, with experience working across global teams and time zones
Benefits
- Competitive industry salaries
- Comprehensive medical, dental, and vision insurance
- Company-provided life and disability insurance
- Matching 401(k) plan
- Employee Emergency Assistance Fund
- Paid holidays and vacation time
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
GRC frameworks, ISO 27001, SOC 2, GDPR, NIST, ITIL processes, risk assessments, compliance monitoring, KPI analysis, audit support
Soft skills
attention to detail, cross-functional collaboration, communication skills, relationship building, proactive mindset, ability to explain technical concepts, adaptability, efficiency improvement, problem-solving, stakeholder management