GRC Specialist

We are seeking a skilled and experienced GRC Specialist to join our team. The ideal candidate will have a strong background in Governance, Risk, and Compliance (GRC) and will help us develop, implement, and maintain our compliance and security programs. This role will be crucial in ensuring our organization’s adherence to regulatory standards, particularly in SOC 2 Type II, ISO 27001:2022, PCI DSS, and data privacy regulations.

Key Responsibilities:

• Develop, implement, and manage information security policies, procedures, and controls in alignment with SOC 2 Type II and ISO 27001:2022 requirements.
• Conduct regular audits and assessments to ensure compliance with relevant regulations, including SOC 2 Type II and ISO 27001 standards.
• Collaborate with cross-functional teams to implement and maintain an effective GRC framework.
• Conduct risk assessments and gap analyses to identify areas for improvement in data security and compliance.
• Lead and support efforts for ISO 27001:2022 certification processes, including preparation, documentation, and coordination of internal and external audits.
• Stay updated on changes in data privacy regulations, PCI DSS standards, and other relevant regulatory requirements.
• Provide training and guidance to employees on GRC best practices, policies, and compliance requirements.

• Minimum of 4 years of experience in a GRC, compliance, or information security role.
• Proven experience with SOC 2 Type II compliance and audits.
• Certified ISO 27001:2022 Lead Implementer or Lead Auditor.
• Strong understanding of risk management frameworks and best practices.

Preferred Qualifications:

• Familiarity with PCI DSS standards and requirements.
• Knowledge of data privacy regulations, such as GDPR or CCPA.
• Additional certifications, such as CISSP, CISA, or CISM, are a plus.

Skills and Competencies:

• Excellent communication and documentation skills.
• Strong analytical and problem-solving abilities.
• Ability to work collaboratively with different teams and stakeholders.
• Detail-oriented with a strong commitment to accuracy and compliance.