100% Remote || Urgent Role
Location: US (remote is fine, but must be willing to work in the EST/CST time zones)
Staff GRC, SOX & SOC Compliance
Who are you
You are a hands-on Governance, Risk, and Compliance (GRC) professional with deep experience in SOX IT General Controls (ITGC), audit coordination, and technology risk management within a complex enterprise environment. You bring strong execution capabilities combined with the ability to influence, guide, and drive consistency across stakeholders, reflecting the expectations of a Staff-level individual contributor.
You also possess a Juris Doctor (JD) or equivalent law degree, which uniquely enhances your ability to interpret regulatory requirements, assess risk through a legal and compliance lens, and ensure alignment between technical controls, contractual obligations, and regulatory frameworks. You apply legal reasoning to evaluate control adequacy, support defensible audit positions, and guide remediation strategies that are both compliant and sustainable.
You operate as a trusted advisor across technology, business, Internal Audit, and external auditors, helping teams strengthen the control environment while maintaining a pragmatic, execution-oriented approach. You are equally comfortable rolling up your sleeves to support walkthroughs and evidence reviews, as you are influencing cross-functional partners and driving alignment without direct authority.
Role Responsibilities
Development & Enforcement
- Support the design, execution, and continuous improvement of the organization's SOX ITGC program, with additional support for SOC 1, SOC 2, PCI, NIST, FTC, HITRUST, CSI, and DNU readiness and reporting.
- Apply legal and regulatory expertise to ensure controls and compliance processes align with the SOX ITGC program, with the SOC 1, SOC 2, PCI, NIST, FTC, HITRUST, CSI, and DNU requirements, with audit standards, and with contractual obligations (vendor, customer, and staffing).
- Partner with control owners to ensure controls are properly designed, documented, and defensible from both an audit and legal perspective.
- Promote strong governance practices, consistency, and audit discipline across first line of defense (1LOD) teams.
- Identify opportunities to improve control maturity, documentation rigor, and compliance sustainability across the environment.
- Build the Governance, Risk and Control program from the ground up and enforce compliance through MCA testing, Continuity of Business readiness, audit support, and general risk support.
Collaboration & Expertise
- Act as a key liaison between technology control owners, Internal Audit, external auditors, and business stakeholders.
- Provide subject matter expertise across SOX Sections 302/404, IT SOC frameworks, and relevant regulatory obligations.
- Leverage legal training to interpret audit findings, regulatory expectations, and contractual requirements, providing risk-informed guidance to stakeholders.
- Influence cross-functional teams through clear, well-reasoned recommendations grounded in compliance, risk, and legal considerations.
- Build strong partnerships to ensure alignment, transparency, and readiness for audit and compliance activities.
Analysis & Configuration
- Evaluate the design and operating effectiveness of IT controls, identifying gaps, risks, and areas requiring remediation.
- Assess audit evidence for completeness, quality, and defensibility, ensuring alignment with auditor expectations and regulatory standards.
- Apply legal reasoning to assess risk exposure, control sufficiency, and documentation adequacy.
- Analyze trends in audit findings and control performance to recommend improvements.
- Support configuration and optimization of GRC tools and risk/compliance tracking systems.
Operational Support
- Coordinate and support day-to-day compliance activities, including walkthroughs, testing support, evidence collection, and audit response management.
- Partner closely with external auditors (e.g., EY) and internal stakeholders to ensure efficient and timely audit execution.
- Support the development of clear, well-documented audit responses that are factually accurate, complete, and legally sound.
- Track remediation activities and ensure closure plans are actionable and aligned with compliance requirements.
- Maintain transparency in status reporting and communication across stakeholders.
Mentorship & Training
- Provide guidance to junior team members and control owners on compliance expectations, audit preparedness, and control best practices.
- Leverage legal expertise to help stakeholders better understand regulatory intent, risk implications, and documentation standards.
- Support development of training materials, playbooks, and guidance that improve audit readiness and consistency.
- Lead by example through strong execution, sound judgment, and a collaborative, advisory approach.
Innovation and Research
- Stay informed on evolving regulatory requirements, audit expectations, and legal considerations impacting SOX, SOC, and IT compliance.
- Evaluate opportunities to improve compliance processes through automation, standardization, and simplification.
- Research emerging risks and compliance trends, translating them into actionable program improvements.
- Recommend enhancements that improve evidence quality, reduce manual effort, and strengthen audit defensibility.
Strategic Planning
- Contribute to the broader technology compliance strategy by identifying risk themes, control gaps, and improvement opportunities.
- Leverage legal perspective to inform prioritization of compliance initiatives and remediation efforts.
- Support audit planning, readiness strategies, and stakeholder alignment across the compliance lifecycle.
- Connect day-to-day execution with long-term program maturity goals and regulatory expectations.
- Influence the evolution of the compliance and control environment through expertise, insight, and cross-functional leadership.
Qualifications
Basic Qualifications
- 7+ years of experience in IT compliance, internal audit, risk management, or a GRC-focused role within a complex enterprise environment.
- 5+ years of hands-on experience with SOX IT General Controls (ITGC), including audit execution, walkthroughs, testing coordination, and remediation activities.
- Experience partnering with technology and business control owners to assess control design and operating effectiveness and drive remediation in a 1LOD environment.
- Experience working with Internal Audit and/or external auditors, including evidence coordination, walkthrough support, and issue resolution.
- Juris Doctor (JD) or equivalent law degree (required), with demonstrated ability to apply legal expertise across a growing Governance, Risk & Compliance organization, including the following:
- Reviewing and interpreting contracts, agreements, and vendor terms
- Applying legal and regulatory frameworks to compliance, audit, and risk functions
- Advising on governance standards, policies, and organizational controls
- Ensuring adherence to evolving regulatory requirements and industry standards
- Supporting data privacy, third-party risk management, and regulatory change initiatives
- Translating complex legal and regulatory language into actionable business guidance
- Strong understanding of risk management, regulatory compliance, and control frameworks.
- Ability to manage multiple workstreams and deliver high-quality work in a fast-paced environment.
- Strong communication skills, with the ability to translate complex compliance, technical, and legal concepts into clear guidance.
- Proven ability to work as a hands-on contributor while influencing across teams without direct authority.
Preferred Qualifications
- Deep knowledge of SOX Section 302/404, IT General Controls, and SOC 1 / SOC 2 frameworks.
- Familiarity with frameworks such as COSO, COBIT, and NIST.
- Experience operating within a second line of defense (2LOD) function.
- Strong presentation skills, including experience engaging with senior leadership and audit stakeholders.
- Ability to assess control gaps and recommend legally sound, sustainable remediation strategies.
- Proficiency in GRC platforms and audit management tools.
- Certifications such as CISA and/or CRISC.
- Experience integrating legal, regulatory, and technical perspectives into compliance program design and execution.
Education
- Juris Doctor (JD) or equivalent law degree is required.
- Bachelor's degree in Information Systems, Accounting, Finance, Business, Cybersecurity, or a related field, or equivalent professional experience.
- Equivalent experience may include a High School Diploma/GED with additional relevant experience in lieu of a bachelor's degree (JD requirement still applies).