By making evidence the heart of security, we help customers stay ahead of ever-changing cyber-attacks.
Corelight is the cybersecurity company that transforms network and cloud activity into evidence. Evidence that elite defenders use to proactively hunt for threats, accelerate response to cyber incidents, gain complete network visibility and create powerful analytics using machine-learning and behavioral analysis tools. Easily deployed, and available in traditional and SaaS-based formats, Corelight is the fastest-growing Network Detection and Response (NDR) platform in the industry. And we are the only NDR platform that leverages the power of Open Source projects in addition to our own technology to deliver Intrusion Detection (IDS), Network Security Monitoring (NSM), and Smart PCAP solutions. We sell to some of the most sensitive, mission critical large enterprises and government agencies in the world.
Overview
We are seeking a highly motivated and experienced Cybersecurity Principal GRC Specialist to join our team. This role is crucial in monitoring, researching, analyzing, and interpreting relevant Commercial, DOD and state laws and regulations to ensure our practices comply with applicable legal and regulatory requirements. The ideal candidate will have extensive experience in compliance risk assessment, issues management, and developing and implementing compliance risk management processes. This position plays a key role in supporting the Governance Risk and Compliance team.
Responsibilities
- Implement compliance management methodologies and frameworks to drive consistency in analyzing, aggregating, reporting, and managing compliance risks.
- Support the organization's compliance risk assessment program by helping to establish the framework for evaluating inherent risk, residual risk, and the effectiveness of controls related to relevant federal laws and regulations.
- Create and prepare status reports on key compliance risk initiatives, risk assessment summaries, and other updates for presentation to senior executives, Board Committees, and regulators.
- Ensure compliance risk management processes are effective and representative of best practices.
- Develop processes to analyze, document, and monitor compliance risk decisions for products and services, ensuring thorough consideration of risk in accordance with risk appetite.
- Monitor and analyze key compliance risks, issues, and trends by aggregating compliance risk data and monitoring/testing results collected across the organization via Governance, Risk, and Compliance (GRC) software.
- Serve as the Program Owner for the enterprise Compliance GRC technology, driving the long-term roadmap and strategic vendor management.
- Conduct effective challenge/oversight of 1st Line identified issues; ensure business units appropriately identify the issue, root cause, and implement remediation actions.
- Employ technical compliance expertise and apply issue management principles to triage and analyze complex compliance issues in collaboration with other stakeholders.
- Keep Compliance leadership and business units apprised of compliance status.
- Oversee and manage audits, compliance, and regulatory activities related to Cybersecurity, including internal and external audits.
- Collaborate with teams to automate manual compliance and control tasks for ongoing audit readiness.
- Build intuitive dashboards and reporting capabilities for stakeholders, providing real-time visibility into the compliance posture of critical business systems.
Qualifications
- Bachelor’s Degree in Computer Science, Information Systems, Management Information Systems, or a related field, or the equivalent combination of experience, education, and training.
- Minimum ten years of recent experience in audit, risk, and compliance within a professional services environment, or 8+ years of relevant work experience.
- Thorough knowledge of compliance issues, laws, and regulations.
- Thorough knowledge of compliance, enterprise, and operational risk management.
- Extensive experience demonstrating an excellent understanding/ability to interpret and apply legislative and regulatory compliance guidelines.
- Ability to analyze highly complex concepts and articulate logical, coherent, workable solutions and procedures.
- Ability to work independently on multiple assignments concurrently and to exercise independent judgment in establishing priorities.
- Ability to support and promote an effective, ongoing regulatory compliance program.
- Demonstrated ability to effectively communicate complex issues both verbally and in writing.
- Demonstrated highly effective interpersonal skills for working closely with internal and external organizational units.
- Ability to lead and manage projects.
- Familiarity with the AICPA System and Organization Controls reports (SOC 1, SOC 2, and SOC 3), CMMC, and data privacy; proficient in audit testing, evaluation of control evidence, identification of control deficiencies, and facilitating collaborative remediation processes.
- Strong executive presence and exceptional communication skills, with experience in audit, compliance, regulatory discussions, and proactive readiness activities with internal partners and external clients.
Desired Qualifications
- Certification in related areas of compliance and/or risk management (e.g., ISO 27001 Lead Auditor, CDPSE, CISM, CISSP).
- Experience in conducting monitoring and assessing risk associated with regulatory compliance issues.
- Previous experience in implementing or managing Governance, Risk, and Compliance (GRC) tools, as well as developing dashboards and creating tools to automate tasks to enhance efficiency.
- Passion for continuous improvement, emerging technologies, and driving innovation with AI and automation.
- Capability to influence beyond the immediate team and engage with more experienced or senior individuals.
- Must be highly flexible and able to manage multiple tasks and priorities under tight deadlines.
We are proud of our culture and values - driving diversity of background and thought, low-ego results, applied curiosity and tireless service to our customers and community. Corelight is committed to a geographically dispersed yet connected employee base with employees working from home and office locations around the world. Fueled by an accelerating revenue stream, and investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight - we are rapidly expanding our team.
Check us out at www.corelight.com