Governance, Risk, and Compliance Specialist

CapTech is an award-winning consulting firm that collaborates with clients to achieve what’s possible through the power of technology. We are passionate about our work and the results we deliver for clients, including Fortune 100 companies, mid-sized enterprises, and government agencies across the country.

We are seeking a detail-oriented GRC Specialist to support our Governance, Risk, and Compliance functions. The role involves executing third-party risk assessments, managing security awareness training, supporting policy reviews, and assisting with information security compliance initiatives.

Key Responsibilities:

• Conduct technical risk evaluations of third-party tools, platforms, and services.
• Perform vendor due diligence according to SOC 2 and internal standards.
• Prepare and present assessment findings to the GRC Manager and Head of Information Security for review and approval.
• Make recommendations to improve vendor security posture.
• Implement and manage annual security awareness training programs.
• Maintain and deliver security training for new hires, aligned with company policies.
• Assist in maintaining and reviewing ITGRC policies and procedures, collaborating with policy owners to ensure they are current and aligned with controls.
• Support responses to information security questionnaires from clients or partners.
• Assist in evidence collection for audits and internal reviews.
• Contribute to broader GRC functions under the guidance of the GRC Manager.

Minimum Qualifications:

• 1–3 years of experience in Information Security, Risk, Compliance, or IT Audit.
• Relevant certifications such as Certified Governance, Risk, and Compliance (CGRC), Security+, or an equivalent, to be attained within an agreed timeframe.
• Understanding of SOC 2, NIST 800-53, and ISO 27001 or similar frameworks.
• Excellent communication skills, capable of conveying technical risks to non-technical audiences.
• Proficiency with Microsoft Office tools.
• Strong problem-solving, analytical, and critical thinking skills.
• Eagerness to learn and grow professionally.
• Highly organized with the ability to manage tasks independently and seek guidance when needed.
• Experience with vendor management or third-party risk assessments is preferred.
• Experience with SOC 2 and NIST 800-53 compliance is preferred.

We offer opportunities for career development tailored to your skills and passions. CapTech is committed to fostering a diverse, inclusive, and equitable work environment. For more information about our Diversity, Inclusion, and Belonging initiatives, please visit our website.

Note: CapTech cannot sponsor or transfer work visas for this position. Applicants must be authorized to work in the United States without sponsorship.