OneTrust GRC SME

Position: OneTrust GRC SME

Location: Houston, TX

Hiring Mode: 12 Months Contract

Job Description:

The OneTrust GRC Systems Engineer will serve as the technical owner and system administrator for the organization s Governance, Risk, and Compliance (GRC) platforms primarily OneTrust. The engineer will configure, integrate, and manage the lifecycle of GRC systems to support IT General Controls (ITGC), Data Privacy, Cookie Compliance, and IT Risk Management across IT and OT environments. The ideal candidate will be able to quickly assess the current environment, identify issues, and deliver an actionable remediation plan.

Develops & Maintains:

• GRC system configurations, data models, and workflow designs supporting evolving compliance and risk processes.
• API integrations between OneTrust and systems such as identity management, ServiceNow CMDB, and ticketing platforms.
• Dashboards, reports, and analytics for real-time visibility into control health, risk posture, and remediation progress.
• Documentation of system configurations, data flows, and integration logic for audit, transparency, and change tracking.

Governance & Release Management:

Manage intake of platform releases, review vendor release notes, assess impacts, and coordinate changes in alignment with IT change and release management practices.

Coordinates With:

• IT, cybersecurity, COE, GRC program owners, internal audit, IT operations, OT teams, and vendors for issue resolution, platform enhancements, and roadmap planning.
• Stakeholders to triage bugs, prioritize enhancements, and align GRC systems with broader governance strategies.
• End users to manage access requests, permissions, and troubleshooting.

Assesses & Monitors:

• System performance, integration reliability, and data accuracy, identifying opportunities for optimization.
• Automation and workflow effectiveness, recommending improvements.
• Enhancement/defect resolution throughput, ensuring timely execution and documentation.
• New GRC capabilities or vendor releases for alignment with business requirements and technology roadmaps.

Skills and Competencies Required:

• Hands-on experience supporting or engineering GRC platforms OneTrust required.
• Strong experience in system configuration, user administration, data management, and workflow customization.

API development & integration, including:

• FreeMarker (FTL) required for OneTrust Logic
• Preferred: RESTful APIs, JavaScript for middleware/webhooks, Python or PowerShell for automation, JSON for structured data work
• Solid understanding of ITSM processes (change, release, incident, configuration), aligned with ITIL.
• Working knowledge of governance frameworks such as NIST CSF, COBIT 2019, ISO 27001, and GRC best practices.
• Strong analytical capabilities, including experience with data visualization tools (Power BI, Tableau).
• Strong documentation, troubleshooting, and cross-team communication skills.

Ability to Achieve:

• Stable, secure, high-performing GRC platforms supporting compliance, audit, and cybersecurity needs.
• Streamlined IT risk, and workflow automation.
• Improved platform enhancements and data-driven insights.
• Stronger IT/OT governance maturity through scalable GRC technologies.
• Risk Assessment Process Support

The engineer will support enhancement of the risk assessment process to:

• Determine inherent risk
• Assign controls
• Collect evidence or create remediation issues
• Generate residual risk scoring
• Update asset records
• Deliver real?time dashboards
• Capabilities & Integration Work

ServiceNow CMDB - OneTrust Integration:

• APM record - OneTrust Inventory Asset creation/update
• Asset update triggers ITRM Risk Assessment
• Risk Assessment triggers:
• Control Templates
• Control Profiles
• Updates to Risk & Asset attributes
• Control Templates trigger:
• Implementations
• Evidence Collection
• Issues (remediation/exceptions)
• Risk scoring
• SNOW ticket creation
• Develop custom dashboards and build/maintain OneTrust integrations.