HP

Governance Risk Compliance Specialist

Tlaquepaque, Jalisco, Mexico
Full time
Description -

Job Summary

We are seeking an Advanced Governance, Risk & Compliance (GRC) Specialist to join our global technology organization. In this position (typically requiring 3–5 years of GRC experience), you will play a key role in driving the execution, consistency, and maturity of our enterprise GRC program.

You will independently manage defined areas of the GRC lifecycle, lead portions of risk and compliance initiatives, and act as a trusted partner to technology and business stakeholders. The ideal candidate demonstrates strong judgment, hands‑on experience with GRC platforms, and the ability to translate complex requirements into practical, scalable controls and processes.

Key Responsibilities

Risk Management & Compliance

  • Own and maintain assigned portions of the enterprise risk register, including risk identification, assessment, and ongoing monitoring.
  • Lead risk assessments and compliance activities aligned to frameworks such as NIST CSF, ISO 27001, and SOC 2, with minimal supervision.
  • Review, validate, and challenge control designs, evidence, and remediation plans to ensure completeness and effectiveness.
  • Support audit and assurance activities by coordinating evidence collection and responding to auditor inquiries.

GRC Platform Ownership

  • Serve as a subject‑matter contributor for one or more GRC platforms (e.g., Archer, NAVEX, MetricStream, ServiceNow GRC).
  • Configure and maintain workflows, assessments, issue management, and reporting capabilities.
  • Partner with stakeholders to improve tool adoption, data quality, and usability across the GRC ecosystem.

Process Design & Optimization

  • Design, document, and continuously improve end‑to‑end GRC processes, ensuring alignment with enterprise standards.
  • Identify inefficiencies or gaps in existing processes and drive remediation through automation, simplification, or standardization.
  • Contribute to the development of SOPs, playbooks, and guidance used across GRC and partner teams.

Cross‑Functional Partnership

  • Act as a primary GRC point of contact for assigned IT, Security, Legal, and business teams.
  • Provide guidance on interpreting compliance obligations and implementing controls in real‑world environments.
  • Influence stakeholders to adopt risk‑informed decisions while balancing business objectives.

Reporting & Executive Communication

  • Develop clear, actionable risk and compliance insights for leadership and governance forums.
  • Create and maintain dashboards, metrics, and recurring reporting that support decision‑making and program transparency.
  • Escalate material risks and issues with appropriate context and recommended actions.

Program Maturity & Innovation

  • Contribute to strategic initiatives that advance GRC maturity, consistency, and scalability.
  • Stay current on emerging regulatory trends, security frameworks, and industry best practices.
  • Support modernization efforts, including the use of automation, data analytics, and AI‑enabled GRC capabilities.
  • Provide informal mentoring and knowledge‑sharing support to less‑experienced GRC team members.

Qualifications & Experience (Required)

Experience

  • 3–5 years of experience in governance, risk, compliance, audit, or related roles within a technology environment.
  • Demonstrated experience leading risk or compliance activities independently.

Technical & Tooling Skills

  • Hands‑on experience administering or significantly supporting enterprise GRC platforms (Archer, NAVEX IRM, MetricStream, ServiceNow GRC, or similar).
  • Strong understanding of IT general controls, security controls, and risk assessment methodologies.

Framework & Regulatory Knowledge

  • Solid working knowledge of NIST CSF, ISO 27001, SOC 2, and related cybersecurity or regulatory frameworks.
  • Ability to interpret requirements and translate them into scalable control activities and documentation.

Professional Skills

  • Strong analytical and critical‑thinking skills, with the ability to assess risk trade‑offs.
  • Clear, confident written and verbal communication skills, including experience presenting to senior or non‑technical audiences.
  • Proven ability to manage multiple initiatives, prioritize effectively, and work with minimal direction.

Education

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field
    (or equivalent professional experience).

Job -

Data & Information Technology

Schedule -

Full time

Shift -

No shift premium (Mexico)

Equal Opportunity Employer (EEO)

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

For more information, review HP’s EEO Policy or read about your rights as an applicant under the law here: “Know Your Rights: Workplace Discrimination is Illegal”