Information Security Governance, Risk and Compliance Specialist
We are seeking a highly skilled Information Security Governance, Risk and Compliance (GRC) specialist to play a pivotal role in shaping cybersecurity policies, managing risks, and driving governance initiatives.
As a key member of the team, you will be responsible for developing, implementing, and maintaining cybersecurity policies, standards, and procedures. You will also support internal and external audits with expert recommendations to address cyber risks and compliance gaps.
The ideal candidate will have a minimum of 6 years of experience in information security, with at least 3 years in GRC. They will possess a solid understanding of security controls across tools and technologies, backed by hands-on experience in security operations.
The successful candidate will be able to work collaboratively in a fast-paced environment. They will have strong communication and stakeholder engagement skills, and be able to adapt to changing priorities and deadlines.
A competitive salary and benefits package is available, including opportunities for professional development. We celebrate diverse perspectives and strive to create an inclusive workplace culture.
If you are passionate about our mission and committed to making a meaningful impact, we encourage you to apply.
Key Responsibilities:
* Developing, implementing, and maintaining cybersecurity policies, standards, and procedures
* Supporting internal and external audits with expert recommendations to address cyber risks and compliance gaps
* Assisting in risk assessments and identifying areas for improvement
* Managing a compliance calendar to ensure timely completion of key activities
* Conducting control and compliance assurance activities to verify adherence to cybersecurity standards
* Maintaining a central repository for GRC documentation to support audit readiness
* Coordinating identity and access reviews to promote security best practices
* Assisting with IT and OT risk assessments and providing actionable mitigation strategies
Requirements:
* Minimum 6 years of experience in information security, with at least 3 years in GRC
* Solid understanding of security controls across tools and technologies, backed by hands-on experience in security operations
* Familiarity with frameworks and standards such as NIST RMF and NIST 800-53
* Experience in both IT and OT environments, ideally within the industry
* Proven ability in information security, risk assessments, policy development, and controls testing
* Experience with GRC platforms like ServiceNow or Archer
* Strong communication and stakeholder engagement skills