IT Governance and Risk SME

Overview

Remote
Depends on Experience
Accepts corp to corp applications
Contract - W2
Contract - Independent

Skills

Governance
Risk

Job Details

Job Title: IT Governance and Risk SME

Location: Remote

Duration: 6 Months

Position Overview:

We are seeking an experienced IT Governance and Risk Subject Matter Expert (SME) to lead and support enterprise-wide initiatives related to governance, risk, and compliance (GRC). This role focuses on evaluating and communicating how vulnerabilities, exceptions, issues, and compliance gaps manifest as aggregate business risk across technical and operational domains.

The ideal candidate will bring 7-12 years of hands-on GRC experience, with deep expertise in IT risk management, regulatory compliance, and security governance frameworks. The role requires strong cross-functional collaboration, risk interpretation skills, and a strategic mindset to help business leaders make informed decisions.

Key Responsibilities:

  • Lead risk analysis efforts to assess how technical control issues, vulnerabilities, and compliance exceptions contribute to overall enterprise risk posture.
  • Maintain and improve governance and risk methodologies aligned with standards such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, SOX, GDPR, HIPAA, and PCI DSS.
  • Act as a liaison between technical teams and business stakeholders to translate risk-related insights into actionable strategies.
  • Support internal and external audit readiness by coordinating risk assessments, tracking issue remediation, and reporting on compliance gaps.
  • Contribute to GRC tool usage (e.g., ServiceNow GRC, Archer, or MetricStream) for monitoring control health, exceptions, and residual risk.
  • Collaborate with legal, compliance, audit, and IT operations to ensure integrated risk management practices across the enterprise.
  • Aggregate data from multiple risk domains to develop executive-level dashboards, reports, and risk narratives that influence decision-making.
  • Participate in the development and rollout of risk governance models, exception handling processes, and control improvement initiatives.

Required Qualifications:

  • 7-12 years of professional experience in IT Risk, Governance, or Cybersecurity GRC functions.
  • Strong working knowledge of risk frameworks such as NIST CSF, ISO 27001, COBIT, SOC 2, SOX, and GDPR.
  • Demonstrated ability to interpret and connect vulnerabilities, policy violations, and exceptions to broader business risks.
  • Experience with risk aggregation, remediation tracking, and reporting for internal/external stakeholders.
  • Skilled in stakeholder engagement across risk, audit, compliance, and technical functions.
  • Familiarity with GRC tools and platforms used to manage controls, exceptions, and assessments.

Preferred Qualifications:

  • Certifications such as CISA, CRISC, CISSP, CGEIT, or equivalent.
  • Experience working in regulated sectors such as finance, healthcare, insurance, or critical infrastructure.
  • Hands-on experience with exception governance processes, risk acceptance workflows, and issue management.
  • Understanding of how to design and implement scalable metrics for KRIs, control effectiveness, and risk trends.

Key Competencies:

  • Strategic thinker with a strong grasp of enterprise risk management principles.
  • Highly analytical with the ability to synthesize complex technical data into actionable business insight.
  • Effective communicator skilled in developing risk reports, briefings, and dashboards for both technical and executive audiences.
  • Strong collaboration and leadership skills within matrixed environments.
  • Proactive, organized, and results-driven with a continuous improvement mindset.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.