
GRC Specialist
BCM One
Full-time
Location Type: Hybrid
Location: Herndon • Missouri • Pennsylvania • United States
About the role
- Support development, implementation, and maintenance of GRC frameworks (e.g., ISO 27001, SOC 2, GDPR)
- Conduct risk assessments, control testing, compliance monitoring, and third-party security evaluations
- Assist with internal/external audits by preparing evidence, reports, and remediation plans
- Maintain documentation of policies, procedures, and controls per global standards
- Collaborate with Privacy/Legal on data protection and facilitate privacy impact assessments
- Facilitate Business Impact Assessments and oversee Business Continuity testing and updates
- Monitor and report on Security GRC metrics to identify risks and improvement opportunities
- Support change management to ensure security and compliance with minimal disruption
- Coordinate between IT, Security, and Compliance teams to align service delivery with regulatory requirements
- Deliver training and awareness programs, including phishing simulations and compliance education
- Recommend and implement process improvements to reduce risk and enhance operational efficiency
Requirements
- 5+ years of experience in Security Governance, Risk & Compliance
- Strong knowledge of GRC frameworks such as ISO 27001, SOC 2, NIST 800-53, CIS Controls, GDPR
- Proven experience supporting internal and external audits
- Ability to identify, assess, and prioritize risks using risk-based thinking and sound judgment
- Skilled at monitoring security and compliance performance through KPIs, SLAs, and OLAs
- Strong documentation, analytical, organizational skills, and attention to detail
- Ability to manage multiple priorities and deadlines in a fast-paced, global environment
- Excellent communication skills, able to explain technical and compliance concepts to non-technical audiences
- Experience working cross-functionally with IT, security, compliance, and business teams across geographies
- Proactive mindset with a commitment to integrity, confidentiality, and continuous learning
- Preferred: Security/GRC certifications (e.g., CISSP, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CompTIA Security+)
- Preferred: Experience with IT Service Management, systems administration, and regulated industries (telecommunications, finance, healthcare)
- Preferred: Experience working in global, multicultural teams and adapting to diverse cultures
Benefits
- Competitive industry salaries
- Comprehensive medical, dental, and vision insurance
- Company-provided life and disability insurance
- Matching 401(k) plan
- Employee Emergency Assistance Fund
- Paid holidays and vacation time
Applicant Tracking System Keywords
Hard Skills & Tools
GRC frameworks, ISO 27001, SOC 2, NIST 800-53, CIS Controls, GDPR, risk assessments, control testing, compliance monitoring, Business Impact Assessments
Soft Skills
analytical skills, organizational skills, attention to detail, communication skills, risk-based thinking, proactive mindset, ability to manage multiple priorities, collaboration, training and awareness delivery, adaptability
Certifications
CISSP, CRISC, CISA, ISO 27001 Lead Implementer, ISO 27001 Auditor, CompTIA Security+