Cybersecurity GRC Specialist

The Cybersecurity GRC Specialist will be responsible for developing, reviewing, and maintaining cybersecurity documentation including policies, procedures, standards, and guidelines. This role supports the Cybersecurity GRC team to ensure the organization’s compliance with internal policies, regulatory requirements, and industry best practices. The candidate will work closely with the cybersecurity project team to ensure all documentation is clear, audit-ready, and aligned with current frameworks.

• Collaborate with cybersecurity project teams to interpret technical and regulatory requirements
• Lead and support the implementation of ServiceNow Audit Management within the GRC function
• Translate complex regulatory or technical concepts into clear, accessible content
• Monitor and assess compliance with frameworks and standards (e.g., ISO 27001, NIST CSF, NIS 2, CRA)
• Conduct internal control testing and validation to identify gaps and vulnerabilities
• Review and maintain cybersecurity documentation (policies, procedures, standards, guidelines)
• Prepare documentation for audits, assessments, and regulatory reporting
• Track compliance metrics and monitor remediation activities
• Stay current on cybersecurity laws, regulations, and best practices, and suggest updates accordingly

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Certifications such as ISACA CRISC or CISA are advantageous
• Strong understanding of cybersecurity frameworks, regulations, and terminology
• Working knowledge of NIST CSF 2.0, ISO 27001, and ISA/IEC 62443
• Experience with GRC tools and control development/attestation
• Familiarity with cloud security and third-party risk management is a plus
• Highly meticulous and detail-oriented
• Excellent analytical, organizational, and communication skills
• Strong project management and stakeholder engagement abilities
• Fluent in written and spoken English, with the ability to clearly communicate complex topics