
Cybersecurity Governance, Risk & Compliance (GRC) Specialist

Blackfluo.ai

Paris

On site

EUR 70 000 - 90 000

Full time

30+ days ago

Job summary

A cybersecurity solutions company based in France is seeking a Cybersecurity Governance, Risk & Compliance (GRC) Specialist. In this role, you will implement leading cybersecurity frameworks, manage compliance with regulatory standards, and develop comprehensive governance programs. The ideal candidate will have over 5 years of experience and expertise in risk management methodologies. Strong proficiency in regulatory requirements is essential.

Qualifications

  • 5+ years experience in cybersecurity governance, risk management, or compliance roles.
  • Strong understanding of regulatory requirements (SOX, PCI-DSS, HIPAA, GDPR).
  • Experience with vendor risk management and third-party security assessments.

Responsibilities

  • Implement and maintain NIST Cybersecurity Framework across functions.
  • Manage regulatory compliance programs including SOX and GDPR.
  • Develop comprehensive cybersecurity policies and procedures.

Knowledge

  • Expert knowledge of NIST Cybersecurity Framework
  • Experience with GRC platforms
  • Knowledge of regulatory requirements
  • Proficiency in risk assessment methodologies

Education

  • Bachelor's degree in Cybersecurity
  • Professional certifications (CISSP, CISA, etc.)

Tools

  • ServiceNow GRC
  • RSA Archer

Job description

Cybersecurity Governance, Risk & Compliance (GRC) Specialist

Position Overview

We are seeking a Cybersecurity GRC Specialist to develop, implement, and manage comprehensive governance, risk, and compliance programs aligned with leading cybersecurity frameworks including NIST Cybersecurity Framework, ISO 27001/27002, MITRE ATT&CK, and CIS Controls to ensure organizational security posture and regulatory compliance.

Key Responsibilities

Framework Implementation & Management

  • Implement and maintain NIST Cybersecurity Framework across organizational functions (Identify, Protect, Detect, Respond, Recover)
  • Develop ISO 27001/27002 Information Security Management System (ISMS) and manage certification processes
  • Map organizational security controls to CIS Controls and ensure implementation across all critical security functions
  • Integrate MITRE ATT&CK framework for threat modeling, risk assessment, and security control validation
  • Establish governance structures, policies, and procedures aligned with multiple cybersecurity standards
  • Conduct comprehensive cybersecurity risk assessments and business impact analyses
  • Develop risk treatment plans including risk acceptance, mitigation, transfer, and avoidance strategies
  • Maintain enterprise risk registers and ensure regular risk review and update processes
  • Perform gap analyses against security frameworks and develop remediation roadmaps
  • Create risk-based metrics and KPIs for executive reporting and board communications

Compliance & Audit Management

  • Manage regulatory compliance programs including SOX, PCI-DSS, HIPAA, GDPR, and industry-specific requirements
  • Coordinate internal and external security audits and manage audit finding remediation
  • Develop compliance monitoring programs and automated compliance reporting capabilities
  • Maintain evidence collection and documentation for compliance demonstrations
  • Support vendor risk assessments and third-party security evaluations

Policy & Governance Development

  • Develop comprehensive cybersecurity policies, standards, and procedures aligned with business objectives
  • Establish security governance committees and risk management oversight structures
  • Create security awareness training programs and ensure organization-wide policy compliance
  • Manage policy lifecycle including review, approval, communication, and periodic updates
  • Coordinate cross-functional collaboration for security program implementation

Required Qualifications

Technical Skills

  • 5+ years experience in cybersecurity governance, risk management, or compliance roles
  • Expert knowledge of NIST Cybersecurity Framework, ISO 27001/27002, CIS Controls, and MITRE ATT&CK
  • Strong understanding of regulatory requirements (SOX, PCI-DSS, HIPAA, GDPR) and compliance methodologies
  • Experience with GRC platforms (ServiceNow GRC, RSA Archer, MetricStream) and risk management tools
  • Knowledge of security control frameworks and security architecture principles
  • Proficiency in risk assessment methodologies and quantitative risk analysis techniques

Governance Skills

  • Proven experience developing and implementing enterprise security governance programs
  • Strong understanding of business continuity, disaster recovery, and crisis management
  • Experience with vendor risk management and third-party security assessments
  • Knowledge of board reporting and executive communication for cybersecurity topics

Preferred Qualifications

  • Bachelor's degree in Cybersecurity, Risk Management, Business Administration, or related field
  • Professional certifications (CISSP, CISA, CRISC, CISM, ISO 27001 Lead Auditor)
  • Experience with cloud compliance frameworks (SOC 2, FedRAMP, CSA CCM)
  • Background in internal audit or external consulting for cybersecurity assessments
  • Knowledge of emerging regulations and privacy frameworks