The Senior GRC & Security Assurance Specialist is responsible for designing, implementing, and overseeing the Client’s cybersecurity governance framework. This role acts as the bridge between technical security operations and corporate risk management, ensuring that the organization meets the highest global standards of compliance and resilience.
You will lead the effort to maintain "audit-ready" status across multiple frameworks (ISO 27001, NIST, PCI DSS), while proactively managing third-party risk and ensuring that security policies are not just documents but operational realities.
What you will do:
Framework Management & Control Mapping
- Build, maintain, and optimize control frameworks aligned with ISO 27001, NIST CSF, PCI DSS, SOC 2, and DORA.
- Perform comprehensive cyber risk assessments and map security controls across diverse business and technical domains.
- Lead the creation, review, and enforcement of global security policies, standards, and procedures.
Audit Readiness & Assurance Testing
- Drive audit readiness programs, acting as the primary point of contact for internal and external auditors.
- Design and execute assurance testing to validate the effectiveness of technical and administrative security controls.
- Identify control gaps and partner with technical teams to develop and track remediation plans.
Third-Party & Supply Chain Risk
- Execute Third-Party Risk Management (TPRM) assessments to verify that vendors and partners meet the Client’s security requirements.
- Develop supply-chain assurance models to mitigate risks associated with software and service providers.
- Utilize GRC tooling (e.g., ServiceNow, Archer, OneTrust) to automate risk tracking and compliance reporting.
Tools & Technologies:
- GRC Platforms: Proficiency in ServiceNow GRC, Archer, OneTrust, or LogicGate.
- Frameworks: Deep expertise in ISO 27001, NIST SP 800-53, NIST CSF, PCI DSS, and SOC 2.
- Regulations: Familiarity with DORA, GDPR, and HIPAA.
- Audit Tools: Experience with automated compliance monitoring and evidence collection tools.
What you bring:
- 6–8+ years of experience in GRC, Information Security Audit, or Cyber Risk Management.
- Certification: CISA, CRISC, CISM, or ISO 27001 Lead Auditor (highly preferred).
- Strategic Acumen: Ability to translate complex regulatory requirements into clear, actionable technical controls.
- Communication: Exceptional ability to communicate risk to both technical teams and executive leadership.
- Analytical Mindset: Expert at identifying patterns of risk and proposing scalable mitigation strategies.
Equal Opportunity Employer: