IT Governance Risk Compliance Specialist

XTG Careers

Job Location: Dallas, IA - USA

Monthly Salary: Not Disclosed
Posted on: 10 hours ago
Vacancies: 1 Vacancy

Job Summary

The IT Governance, Risk & Compliance (GRC) Specialist is a key member of the IT and security team, responsible for managing, enhancing, and supporting the organization's governance, risk management, and compliance initiatives. This role ensures continuous readiness for regulatory requirements, internal policies, and industry standards while partnering with Security Operations and Infrastructure teams to convert expectations into manageable processes. The GRC Specialist assists in audits, risk assessments, and compliance documentation, and maintains a strong security and governance posture.

The Exponential Technology Group (XTG) is a specialist in the electronic component distribution and design engineering services industries. XTG is part of the TTI Family of Companies. This position can be on-site, hybrid, or remote, with the ideal candidate located in the DFW market.

ACCOUNTABILITIES:

Governance: Help create, maintain, and promote compliance with IT/security policies mapped to frameworks (NIST 800-171, ISO 27001, CMMC, GDPR, ITIL). Establish control baselines and collaborate with Security Ops for implementation. Run Policy Council cadence with stakeholders.

Risk Management: Establish and maintain IT risk register. Conduct IT risk assessments and support POA&M remediation. Monitor and report on risk posture and compliance gaps. Coordinate business impact analyses aligned with DR/BCP.

Compliance & Audit: Guide CMMC Level 2 program management (gap analysis, POA&M tracking, evidence collection). Maintain DFARS, ITAR, GDPR, and other global regulatory requirements. Orchestrate internal/external audits and remediation. Prepare and maintain audit documentation for internal and external assessments. Maintain centralized evidence repository.

Operational Support: Collaborate on patching, access reviews, and configuration compliance. Assist in business continuity and disaster recovery planning documentation.

Security Alignment: Partner with Security Ops on controls to meet regulatory obligations. Own compliance documentation for incidents and lessons learned.

Third-Party & Supply Chain Risk: Run vendor due diligence and review contract/security clauses. Track service provider controls and exceptions.

Privacy: Coordinate with Legal/HR on privacy impact assessments, data mapping, retention, and transfers. Confirm global privacy alignment in tooling and processes.

Training & Awareness: Create annual compliance training and maintain records. Provide targeted sessions for admins on evidence quality and audit readiness.

Reporting: Generate compliance dashboards and risk reports for leadership review. Deliver monthly compliance and risk dashboards. Provide quarterly briefings to leadership.

EDUCATION & EXPERIENCE:

Bachelor's degree in Information Technology, Cybersecurity, or related field (or equivalent experience) and four (4) to seven (7) years in security, compliance, audit, with three (3) years managing GRC programs.

SKILLS & CERTIFICATION:

  • Hands-on experience with NIST 800-171/CMMC, DFARS, ITAR, GDPR.
  • Knowledge of governance, risk, and compliance frameworks (ISO 27001, NIST, CMMC, GDPR).
  • Familiarity with IT security controls and audit processes.
  • Experience with audits, POA&Ms, evidence repositories.
  • Strong analytical, documentation, and communication skills.
  • Experience with GRC tools (e.g., ServiceNow GRC, Archer) is a plus.
  • Strong understanding of security operations.
  • Preferred Qualifications:
    • CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CMMC RP/CP.
    • CompTIA Security+ (for security knowledge).
    • DoD/government contractor experience.
    • Exposure to Berkshire Hathaway audit practices.
  • Tools & Stack Exposure:
    • GRC/IRM platforms
    • Microsoft 365 Defender, Sentinel, Entra ID
    • Jira/ServiceNow
    • SharePoint, vulnerability scanners, backup/DR tools

What we offer our team members:

  • A great benefits package that includes (but is not limited to): Medical/Dental/Vision, 401(k)/Roth plan with matching, Healthcare Savings Accounts.
    Educational Assistance (Tuition Reimbursement).
  • Ongoing training throughout your employment with opportunities to participate in professional and personal development programs.
  • A strong focus on giving back to our communities through philanthropic opportunities.
  • Great culture and opportunities for growth and advancement.

This is a summary of the primary accountabilities and requirements for this position. The company reserves the right to modify or amend accountabilities and requirements at any time, at its sole discretion, based on business needs. Any part of this job description is subject to possible modification to reasonably accommodate individuals with disabilities.

This position requires use of information or access to hardware which is subject to the International Traffic in Arms Regulations (ITAR). To perform the position, you must be a U.S. Person as defined by ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e., Green Card Holder), Political Asylee, or Refugee.

Visa sponsorship is not available for this role. Only candidates authorized to work in the United States will be considered.

Exponential Technology Group, Inc. (XTG) is an Equal Opportunity Employer, and we support protected veterans and individuals with disability through our affirmative action program. XTG is a subsidiary of TTI, a wholly owned subsidiary of Berkshire Hathaway Inc.


Required Experience:

IC

Key Skills

  • Interventional Radiology
  • Information Technology Sales
  • Jdbc
  • Glass
  • Architecture

About Company

Exponential Technology Group