<p>Apply</p> <p>Description</p> <p>Summary: We are seeking a proactive, detail-oriented, and collaborative GRC (Governance, Risk, and Compliance) Specialist to join our cybersecurity team. This role plays a critical part in ensuring that our organization maintains strong compliance with evolving federal and state regulations while continuously improving our internal security policies, risk posture, and audit readiness.</p> <p>Key Responsibilities:</p> <p>Governance, Risk, and Compliance</p> <ul> <li>Monitor, interpret, and track cybersecurity regulations at both the federal and state levels to assess impact on business operations. </li><li>Develop, update, and maintain cybersecurity policies and procedures that align with industry standards (e.g., NIST CSF, ISO 27001, CIS Controls, CMMC). </li><li>Collaborate across departments to ensure policies are implemented and understood throughout the organization. </li><li>Conduct internal audits and control assessments to evaluate effectiveness and adherence to policies. </li><li>Create and maintain a risk register, help identify and assess risks, assign ownership, and track mitigation efforts. </li><li>Support business impact assessments and assist in maintaining business continuity strategies. </li></ul> <p>Training & Awareness</p> <ul> <li>Assist in designing and delivering cybersecurity training and awareness programs. </li><li>Track training metrics and ensure organization-wide compliance with awareness initiatives. </li></ul> <p>Frameworks & Certifications</p> <ul> <li>Provide support in preparing for security certifications (e.g., SOC 2, ISO 27001, CMMC). </li><li>Coordinate with external auditors or assessors, gather evidence, and support audit processes. </li></ul> <p>Incident Response Compliance</p> <ul> <li>Ensure incident response policies align with regulatory requirements. </li><li>Support post-incident reviews with a focus on documentation and lessons learned. </li></ul> <p>Third-Party & Vendor Risk</p> <ul> <li>Coordinate third-party risk assessments to ensure vendors meet security and data protection standards. </li><li>Track compliance of vendors and service providers against contractual and regulatory obligations. </li></ul> <p>Metrics & Reporting</p> <ul> <li>Develop and maintain dashboards or reports that measure compliance status, audit results, and risk posture. </li><li>Present findings and trends to the cybersecurity supervisor/director on a regular basis. </li></ul> <p>Requirements</p> <p>Requirements:</p> <ul> <li>Bachelor's degree in information technology, cybersecurity, or a related field, or equivalent relevant experience </li><li>3+ years of experience in cybersecurity GRC, compliance, or related fields </li><li>Working knowledge of major security standards (NIST, ISO 27001, CIS, etc.) </li><li>Strong understanding of U.S. federal and state cybersecurity laws and data protection regulations </li><li>Experience writing and managing cybersecurity policies and procedures </li><li>Ability to conduct risk assessments, audits, and support certification efforts </li><li>Familiarity with GRC tools and platforms (e.g., OneTrust, Archer, ServiceNow GRC) </li><li>Excellent verbal and written communication skills; able to communicate with technical and non-technical stakeholders </li><li>Strong organizational, time management, and project coordination skills </li></ul> <p>Preferred Qualifications (Nice to Have):</p> <ul> <li>Relevant certifications: Security+, CGRC, CISA, CRISC, or similar </li><li>Experience supporting SOC 2, ISO 27001, FedRAMP, ITAR or CMMC certification processes </li><li>Background in security awareness training or program development </li></ul>