Senior GRC Specialist

Proven experience in GRC management
Experience with APIs and integration of GRC tools with enterprise systems (e.g., SIEMs, ticketing systems, cloud platforms)
Strong understanding of regulatory and compliance standards (e.g., GDPR, HIPAA, ISO 27xxx, PCI DSS, SOC 2)
In-depth knowledge of security framework controls as they apply to public cloud (GCP preferred), on-prem, SaaS and IaaS environments
Strong communication and collaboration skills, with experience working in cross-functional teams
Ability to communicate complex technical and compliance information effectively to both technical and non-technical audiences
Serve as a subject matter expert and advisor on complex security risk issues.

Design, develop, and maintain workflows to streamline GRC processes such as compliance monitoring, reporting, and risk assessments.
Implement and customize GRC platforms (e.g., Vanta, Archer, Auditboard, Anecdotes, etc.) using programming languages and APIs.
Build and maintain dashboards for real-time risk and compliance monitoring using data visualization tools.
Collaborate with IT and security teams to integrate GRC tools into CI/CD pipelines and enterprise systems.
Stay current with regulatory and industry standards (e.g., ISO 27001, SOC 2, HIPAA, GDPR, NIST) and ensure compliance requirements are met.
Support internal and external audits by providing automated solutions for data collection and evidence generation.
Prepare and maintain compliance documentation.

Certifications such as CISSP, CISA, or CRISC
Experience with DevSecOps practices and integrating security compliance into CI/CD pipelines
Hands-on experience with cloud environments (e.g., AWS, Azure, Google Cloud) and their compliance automation tools
Knowledge of risk management frameworks such as FAIR, COSO, or ISO 31000
Bachelor’s degree in Computer Science, Information Security, or related field