GRC Specialist

Role Overview: The Security GRC Specialist III is a key member of the Governance, Risk, and Compliance (GRC) team, responsible for leading and executing various GRC services. This role involves providing expert consulting on Information Security, managing risk and compliance functions, and overseeing security programs.

Key Responsibilities:

• Lead process improvements and enhance control maturity using NIST and ISO 27001 principles.
• Apply the FAIR framework for accurate risk assessment and quantification.
• Develop and deliver detailed risk reports for senior management.
• Create and maintain security policies, standards, and documentation.
• Ensure IT systems meet cybersecurity and risk requirements.
• Conduct vendor and client risk assessments and manage security questionnaires.
• Administer GRC technology platforms and support security awareness training.

Qualifications:

• Bachelor s degree or 7 years of IT Security experience.
• 5 years of Information Security experience, with hands-on technical experience preferred.
• Proficiency in Cyber Risk Quantification and statistical analysis.
• Strong knowledge of security frameworks (ISO 27001, NIST) and the FAIR framework.
• Excellent communication and technical writing skills.
• Experience with GRC tools and security administration.
• Technologies/Software:
• Experience with Quantitative Risk Management applications.
• Knowledge of diverse security tools, SIEM, data encryption, and mobile device security.

Certifications:

• At least one certification such as CISSP, CISA, CISM, or FAIR.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.