GRC Specialist
Share
Job Location:
Monthly Salary:
Posted on:
06-11-2025
Vacancies:
1 Vacancy
Job Summary
Wood Mackenzie is the global data and analytics business for the renewables energy and natural resources industries. Enhanced by technology. Enriched by human an ever-changing world companies and governments need reliable and actionable insight to lead the transition to a sustainable future. Thats why we cover the entire supply chain with unparalleled breadth and depth backed by over 50 years experience. Our team of over 2400 experts operating across 30 global locations are enabling customers decisions through real-time analytics consultancy events and thought leadership. Together we deliver the insight they need to separate risk from opportunity and make confident decisions when it matters most.
Wood Mackenzie Values
- Inclusive we succeed together
- Trusting we choose to trust each other
- Customer committed we put customers at the heart of our decisions
- Future Focused we accelerate change
- Curious we turn knowledge into action
Job Description
The role of the GRC Specialist is responsible for the day-to-day execution of governance risk and compliance (GRC) activities. This includes preparing for SOC and other audits collecting and organizing evidence responding to client/vendor security questionnaires and maintaining the accuracy of the cyber risk register.
The role works closely with IT Security Engineering and business stakeholders to ensure audit requests and client inquiries are addressed promptly and consistently. The Specialist ensures that risks exceptions and remediation actions are logged and tracked to completion providing a strong operational foundation for the Risk & Compliance program.
Key Responsibilities
Audit & Assurance Support:
- Collect and organize evidence for SOC2 and other internal audits.
- Track remediation items from audits ensuring timely closure with responsible teams.
- Maintain a repository of reusable audit evidence to streamline future cycles.
- Support the Risk & Compliance Lead in responding to auditor and assessor queries.
- Client & Vendor Security Questionnaires.
- Coordinate responses to customer and third-party security questionnaires.
- Collaborate with technical owners (Engineering IT Product) to provide accurate answers.
- Maintain a knowledge base of pre-approved responses to accelerate RFPs and renewals.
- Ensure responses are consistent with SOC2 reports and company policy.
Risk Register & Exception Management:
- Update and maintain the cyber risk register in coordination with the Risk & Compliance Lead.
- Record new risks assign owners and track remediation/progress.
- Document Policy Exception Risk Acceptance (PERA) approvals and expirations.
- Ensure risk data is kept current for reporting cycles.
Reporting & Metrics:
- Contribute data for quarterly risk and compliance dashboards.
- Provide metrics on questionnaire volumes audit findings and remediation timelines.
- Highlight overdue risks audit items or exceptions to the Risk & Compliance Lead.
Experience & Skills
- Experience in IT audit compliance or GRC operations.
- Familiarity with audit frameworks (SOC2 ISO 27001 GDPR).
- Strong organizational skills for evidence collection and tracking.
- Ability to manage multiple concurrent requests and deadlines.
- Clear written communication for client questionnaires and reports.
- Experience in SaaS data analytics or regulated industries.
- Exposure to vendor/supplier risk assessments.
- Experience using GRC platforms (ServiceNow GRC Archer or equivalent).
Equal Opportunities
We are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race colour religion age sex national origin disability or protected veteran status. You can find out more about your rights under the law at
If you are applying for a role and have a physical or mental disability we will support you with your application or through the hiring process.
Required Experience:
IC
Key Skills
- Sales Experience
- Crane
- Customer Service
- Communication skills
- Heavy Equipment Operation
- Microsoft Word
- Case Management
- OSHA
- Team Management
- Catheterization
- Microsoft Outlook Calendar
- EHS
About Company
Empower strategic decision-making in global natural resources with quality data, analysis and advice. Discover the latest insights and reports online.
