Governance, Risk, and Compliance Specialist

We are looking for a detail-oriented GRC Specialist to support our Governance Risk and Compliance functions. Youll focus on executing third-party risk assessments managing security awareness training supporting policy reviews and assisting with information security compliance initiatives.

Key Responsibilities:

• Conduct technical risk evaluations of third parties tools platforms and services.
• Perform vendor due diligence and appropriately advise the business on risk response decisions in accordance with SOC 2 and internal standards.
• Prepare and present assessment findings to the GRC Lead and Head of Information Security for final review and approval.
• Make recommendations to strengthen vendor security posture.
• Brainstorm document and formulate areas for Information Security improvement that balance risk with business operations and encourage efficiencies or innovation. 
• Construct security program content around key areas of corporate and cyber risk.
• Support the development and tracking of KPIs and KRIs to enable effective risk reporting and business insights.
• Maintain and deliver security training for new hires aligned with company policies.
• Assist in the maintenance and review of ITGRC policies standards and procedures collaborating with policy owners to ensure documents are current and aligned with controls.
• Support responses to information security questionnaires from clients or partners.
• Support evidence collection and communication between auditors and stakeholders for external audits and internal reviews.
• Learn and contribute to broader GRC functions under the guidance of the GRC Lead.

Qualifications :

• 13 years of experience in Information Security Risk Compliance or IT Audit.
• Certified Governance Risk Compliance (CGRC) Certified in Risk and Information Systems Control (CRISC) Security or agreed certification to be attained within agreed timeframe or other combinations of experience and relevant certifications preferred.
• Working understanding of SOC 2 NIST 800-53 and ISO 27001 or similar frameworks required. Prior experience with SOC 2 and NIST 800-53 compliance preferred.
• An understanding of AI governance risks (bias transparency and data privacy) and familiarity with frameworks such as NIST AI RMF ISO 42001 and AIUC-1.
• Experience or interest in GRC engineering including supporting configuration automation or workflows.
• Excellent oral and written communication ability especially for communicating technical risks to a non-technical audience.
• Strong knowledge of the Microsoft Office suite of tools.
• Strong problem-solving analytical and critical thinking skills.
• Eagerness to learn and grow.
• Highly organized and ability to manage tasks independently while seeking guidance when appropriate.
• Prior experience with vendor management or third-party risk assessments preferred.

Additional Information :

We want everyone at CapTech to be able to envision a lasting and rewarding career here which is why we offer a variety of career paths based on your skills and passions.  You decide where and how you want to develop and we help get you there with customizable career progression.

CapTech is an equal opportunity employer committed to fostering a culture of equality inclusion and fairness each foundational to our core values.  We strive to create a diverse environment where each employee is encouraged to bring their unique ideas backgrounds and experiences to the workplace. For more information about our Diversity Inclusion and Belonging efforts click HERE. 

At this time CapTech cannot transfer nor sponsor a work visa for this position. Applicants must be authorized to work directly for any employer in the United States without visa sponsorship.  

Remote Work :

No

Employment Type :

Full-time