Cybersecurity GRC (Governance, Risk & Compliance) Specialist

Job Location

Boston - USA

Yearly Salary

$ 105000 - 115000

Vacancy

1 Vacancy

Job Description

The Brattle Group, a privately held global economics consulting firm, is looking for a Cybersecurity GRC (Governance, Risk & Compliance) Specialist to join our Boston, MA office. The Cybersecurity GRC Specialist is responsible for working with the Manager of Cybersecurity to implement and manage the firm's Governance, Risk and Compliance framework. The role focuses on aligning policies and controls with industry regulations, performing risk assessments, supporting compliance audits, and promoting a culture of accountability and ethical conduct.

Some of the day-to-day responsibilities of this role include:

  • Develop and maintain internal policies and procedures that support compliance with industry regulations (e.g., ISO 27001, NIST, SOC 2, GDPR), including maintaining POA&Ms and ATU artifacts.
  • Perform regular risk assessments and update the firm's risk register.
  • Collaborate with IT and Legal teams to address risks and control deficiencies.
  • Monitor regulatory changes and evaluate their impact on firm operations.
  • Provide support during internal and external audits, including evidence gathering.
  • Lead or support compliance training sessions and awareness campaigns for staff.
  • Lead initiatives for compliance automation, continuous control monitoring, and process optimization.
  • Maintain third-party risk management documentation and review vendor contracts for compliance implications.
  • Lead annual external penetration and vulnerability testing and analysis.
  • Update and manage governance documents, risk management policies, and compliance tracking logs.
  • Maintain audit trail documentation for regulatory and internal control requirements.
  • Contribute to annual compliance reports and board-level risk summaries.

THE CANDIDATE

  • Bachelor's degree in Business, Law, Information Systems, or a related field
  • 3-5 years of experience in GRC, internal audit, compliance, or risk management
  • Familiarity with GRC platforms (e.g., ServiceNow GRC, Archer, LogicGate)
  • Working knowledge of risk assessment methodologies and control frameworks
  • Understanding of privacy laws and data protection requirements
  • One or more certifications such as CRISC, CISA, CIPP, CISSP, or CISM
  • Experience conducting control testing and compliance audits
  • Ability to interpret legal and regulatory texts into business requirements

Brattle offers a competitive benefits package, base salary, and bonus program for eligible roles based on individual and firm performance. The anticipated base gross salary range for this position in Boston, MA is $105000-$115000 annually. Actual salary will depend on a variety of factors, including experience and training.

This position is not eligible for immigration sponsorship.

THE EMPLOYER

The Brattle Group answers complex economic, finance, and regulatory questions for corporations, law firms, and governments around the world. We are distinguished by the clarity of our insights and the credibility of our experts, which include leading international academics and industry specialists. Brattle has 500 talented professionals across North America, Europe, and Asia-Pacific. For more information please visit .

EQUAL OPPORTUNITY

The Brattle Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, citizenship status, national origin, ancestry, sex, gender identity and expression, age, height, weight, domestic partner status, Acquired Immune Deficiency Syndrome or HIV status (AIDS/HIV status), genetic information, sexual orientation, disability (where the applicant or employee is qualified to perform the essential functions of the job with or without reasonable accommodation), marital status, veteran status, political affiliation, drug or alcohol abuse or alcoholism, or any other characteristic protected under applicable law.

We encourage all applicants to click here to review our full Equal Employer Opportunity Statement.


Required Experience:

Unclear Seniority

Employment Type

Full-Time
