Unit

GRC Specialist

full-time

Origin: 🇺🇸 United States • New York

Salary

💰 $100,000 - $120,000 per year

Job Level

Mid-Level, Senior

Tech Stack

AWS, Cloud, Kubernetes

About the role

  • Reporting to the Information Security Manager and supporting the company’s security program and compliance initiatives
  • Manage external security audits (e.g., PCI-DSS, SOC 2, SOC 1), including evidence collection, operation of GRC tools, collaboration with stakeholders, and reporting to auditors
  • Review and update security policies and procedures, and implement corrective actions based on audit findings and management feedback
  • Lead ongoing security and compliance tasks, such as user access review cycles and audit-related compliance initiatives across the organization
  • Drive security awareness and training activities, including phishing simulations, publishing security-related content, and leading company-wide Security & Privacy sessions
  • Collect and review security documentation from clients and conduct vendor assessments for various risk levels
  • Client-facing security tasks: answer security questionnaires, review legal contracts from a security perspective, maintain security knowledge base, and participate in security-related client calls
  • Operate and utilize GRC tools and serve as a go-to person for employees on security and compliance matters

Requirements

  • 5+ years of experience in GRC, information security, compliance, or related roles (preferably in fintech or banking)
  • Strong knowledge of security and privacy frameworks such as SOC 2, PCI DSS, GLBA, and CCPA
  • Familiarity with AWS security best practices is a must
  • Hands-on experience with compliance automation tools (e.g., Anecdotes)
  • Hands-on experience with vendor risk assessments and tools like Panorays
  • Experience creating compliance reports using CNAPP tools (e.g., Wiz, Orca, Prisma Cloud)
  • Familiarity with Kubernetes concepts and architecture
  • Detail-oriented, proactive, and self-motivated
  • Excellent written and verbal communication skills in English
  • Relevant certifications (CISM, CISSP, CISO, CIPM) are an advantage
  • A technical background in cloud environments is an advantage