
Cyber GRC Specialist

Job in Dammam, Eastern Province, Saudi Arabia
Listing for: Stellar Hunters
Full Time position
Listed on 2026-05-21
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 200000 - 300000 SAR Yearly
Job Description & How to Apply Below

Job Summary

We are seeking a Cyber GRC Specialist to support and advance the company’s cybersecurity governance, risk management, and compliance (GRC) initiatives. The successful candidate will collaborate with Security, IT, Legal, Privacy, Compliance, and business teams to identify and manage cyber risk, implement controls, maintain compliance with applicable frameworks and regulations, and support continuous improvement of the security posture. This role requires a pragmatic, consultative approach and the ability to translate technical security concepts into business risk terms.

Key Responsibilities
Governance & Policy
  • Develop, maintain, and operationalize cybersecurity policies, standards, and procedures aligned with industry frameworks and regulatory requirements (e.g., NIST CSF, ISO 27001, SOC 2, PCI, relevant regional regulations).

  • Support security governance forums and reporting to senior leadership and stakeholders on cyber risk, control effectiveness, and remediation progress.

  • Collaborate with cross-functional teams to ensure security requirements are integrated into business processes, projects, and third‑party relationships.

Risk Management & Assessments
  • Conduct and coordinate risk assessments, control gap analyses, and threat/risk modeling for systems, applications, and third‑party services.

  • Maintain the risk register, prioritize remediation activities, and track closure of identified vulnerabilities and control deficiencies.

  • Perform vendor security and risk assessments; review third‑party contracts and recommend appropriate security controls and contractual language.

Compliance & Audit Support
  • Support internal and external compliance initiatives, audits, and certifications (e.g., SOC 2, ISO 27001), including evidence collection, control testing, and remediation coordination.

  • Monitor regulatory and industry compliance requirements and translate obligations into practical control and process requirements across the organization.

  • Prepare and maintain documentation, control narratives, and artifacts required for assessments and regulatory inquiries.

Incident Response & Continuous Improvement
  • Participate in incident response planning and post‑incident reviews; advise on control improvements and regulatory/contractual notification considerations.

  • Collaborate with Security Operations and IT teams to ensure controls are effectively implemented, monitored, and improved based on lessons learned and evolving threats.

  • Identify opportunities to automate control monitoring, reporting, and GRC workflows using GRC platforms and security tooling.

Training, Awareness & Advisory
  • Develop and deliver role‑based security awareness, GRC guidance, and targeted training for employees, contractors, and business partners.

  • Provide practical, risk‑based advisory to Product, Engineering, IT, and business teams on secure design, control selection, and compliance requirements.

  • Act as a trusted advisor for security and compliance questions related to new projects, cloud deployments, and third‑party integrations.

Required Qualifications - Skills & Experience
  • Bachelor’s degree in Information Security, Computer Science, Cybersecurity, Risk Management, or a related field, or equivalent practical experience.

  • 3+ years of demonstrated experience in cybersecurity GRC, risk management, compliance, or related roles within a commercial or regulated environment.

  • Familiarity with common cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2) and practical experience applying them.

  • Experience performing risk assessments, vendor/security assessments, control gap analysis, and supporting audits or certifications.

  • Working knowledge of cloud security concepts (AWS, Azure, GCP), identity and access management, and common security controls.

  • Strong written and verbal communication skills with the ability to document controls, prepare executive reports, and communicate with technical and non‑technical stakeholders.

  • Experience with GRC platforms, ticketing systems, and security assessment tools; comfortable working in cross‑functional, fast‑paced environments.

Preferred Qualifications
  • Relevant certifications such as CISSP, CISM, CRISC, CGEIT,…
