IT GRC Advisor (100% Remote)

Position Summary

The Senior IT GRC Advisor is responsible for performing IT risk assessments and partnering with leadership on risk, control, and compliance matters. This role leads and supports IT audit and advisory engagements and works closely with stakeholders to identify risk mitigation strategies and corrective actions that strengthen the overall control environment.

Key Responsibilities

• Conduct IT risk assessments and provide advisory support related to risk management, controls, and compliance
• Lead and execute IT audit and advisory engagements across information systems, infrastructure, and IT processes
• Identify high?risk areas and assess the adequacy of policies, procedures, and controls, benchmarking against industry standards and frameworks such as COBIT, NIST, ITIL, and other recognized authorities
• Partner with management to design and implement mitigation strategies and corrective action plans
• Advise on IT initiatives and projects by providing risk management expertise to ensure risks are identified, assessed, and reduced to acceptable levels
• Perform third?party risk assessments, including cloud service providers, to evaluate compliance with contractual obligations, regulatory requirements, and security best practices
• Develop, maintain, and enhance risk management methodologies, tools, templates, internal resources, and reporting to support effective GRC programs
• Contribute to the development and enforcement of GRC policies, standards, and procedures to strengthen internal controls
• Support and co?facilitate enterprise?wide risk assessments (IT, strategic, operational, financial, compliance, etc.)
• Provide recommendations to leadership for improving the overall control and risk management environment
• Design and deliver training and awareness programs focused on IT controls and risk management
• Perform additional GRC?related responsibilities as assigned

Required Qualifications

• Bachelor’s degree in a technology, information systems, audit, or related field
• Minimum of 5 years of experience in IT auditing, IT security, or IT risk management
• At least 5 years of experience leading, planning, and executing complex IT audit and advisory engagements
• Strong technical knowledge of IT infrastructure, cybersecurity risks, operating systems, databases, networking, and cloud technologies
• Experience conducting risk?based operational and/or technical audits
• Ability to manage multiple projects simultaneously with minimal supervision
• Strong analytical, consulting, and project management skills
• Excellent interpersonal skills, including interviewing, facilitation, and stakeholder engagement
• Clear and effective verbal, written, and presentation skills
• Professional certifications such as CISA, CISSP, and/or CISM

Preferred Qualifications

• Experience conducting cloud platform audits (e.g., AWS)
• Experience performing AI audits and AI governance assessments
• Working knowledge of the HIPAA Security Rule