
Lead GRC Analyst
TherapyNotes, LLC
full-time
Location Type: Remote
Location: United States
Salary
💰 $125,000 - $165,000 per year
About the role
- Architect, implement, and continuously mature the organization’s Governance, Risk, and Compliance (GRC) program
- Lead organization-wide risk identification, analysis, and treatment processes
- Lead end-to-end third-party risk management activities
- Conduct formal risk assessments across infrastructure, application, vendor, and business process domains
- Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
- Monitor evolving regulatory requirements, enforcement trends, and industry best practices
- Provide guidance and training to employees on GRC policies, procedures, and best practices
- Oversee the execution of audits, assessments, and compliance activities
- Ensure documentation artifacts support evidentiary requirements for regulatory examinations and certification audits
- Act as a liaison with external auditors, regulators, and stakeholders on GRC-related matters
- Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
- Mentor and coach GRC analysts, fostering their professional development and growth within the organization
- Drive continual improvement of the organization’s information security program
- Identify and document cyber risks and manage mitigation
- Assist with ad-hoc compliance reporting
- Provide support to Information Security Incident Response team
- Review architectural designs and new technology initiatives
Requirements
- BS degree in Information Security, Risk Management, Business Administration, or related field
- 5+ years of experience in GRC, risk management, or related fields, with demonstrated leadership experience
- Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) strongly preferred
- Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS, CPRA) and industry standards (e.g., ISO 27001, NIST)
- Expert in designing, implementing, and maintaining security solutions
- Understanding of modern approaches to GRC such as Policy-as-Code and Compliance-as-Code
- Experience developing and implementing GRC frameworks, policies, and procedures
- Excellent analytical skills with the ability to assess complex risks and develop effective mitigation strategies
- Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization
- Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time
- Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation
- Proficiency with security standards and secure configuration baselines such as CIS or OWASP
- Proficiency with cloud-based solutions and web-related technologies
Benefits
- Employer sponsored health, dental, vision, life, and disability insurance
- Retirement plan with company contribution
- Annual company profit sharing
- Personal development/training budget
- Open, collaborative work environment
- Extensive 2-week onboarding plan
- Comprehensive mentorship program
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Governance, Risk, and Compliance (GRC), risk management, risk assessments, security solutions, GRC frameworks, Policy-as-Code, Compliance-as-Code, cyber risk management, analytical skills, cloud-based solutions
Soft Skills
leadership, communication skills, interpersonal skills, collaboration, project management, adaptability, continuous improvement, mentoring, coaching, analytical thinking
Certifications
Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC)