Overview
On Site
$60 - $70
Contract - W2
Contract - 12 Month(s)
Skills
Accountability
Analytical Skill
Auditing
CISA
CISM
CISSP
Cloud Computing
Collaboration
Communication
Conflict Resolution
Corrective And Preventive Action
Due Diligence
EMC RSA Archer
ERM
ISACA
ISO 9000
ISO/IEC 27001:2005
IT Governance
Information Security
Information Systems
Leadership
Management
Mentorship
PCI DSS
Payment Card Industry
Problem Solving
RSA
Regulatory Compliance
Risk Assessment
Risk Management
SAP GRC
ServiceNow
System On A Chip
Training
Workflow
Job Details
The Senior GRC Specialist plays a critical leadership role in Authority's risk and compliance initiatives. This position is responsible for developing and managing GRC frameworks, overseeing key regulatory compliance programs (including PCI DSS, SOC 1 and SOC 2), conducting vendor risk and third-party assessments, and ensuring alignment with industry standards such as ISO 27001 and NIST. The individual will work across departments to drive a culture of risk awareness and regulatory accountability, while mentoring junior staff and managing high-impact risk and compliance projects.
Responsibilities:
- Develop and maintain GRC frameworks and policies that align with industry standards and regulatory requirements such as PCI DSS, SOC 1, SOC 2, ISO 27001, and NIST.
- Lead enterprise risk management (ERM) activities, including risk identification, assessments, mitigation planning, and maintenance of risk registers and treatment plans.
- Manage and continuously improve compliance programs for PCI DSS and SOC 1/SOC 2, including readiness assessments, evidence collection, audit coordination, and remediation tracking.
- Oversee the third-party risk management (TPRM) program, conducting vendor due diligence, security assessments, and contract reviews to ensure appropriate risk controls are in place.
- Evaluate third-party audit reports (e.g., SOC 2, ISO, PCI), assess control effectiveness, and work with stakeholders to address identified gaps or risks.
- Coordinate internal and external audits, ensuring timely and accurate responses to requests, and managing corrective action plans when necessary.
- Provide guidance and training on GRC policies, support awareness initiatives, and mentor junior team members or lead cross-functional risk and compliance projects.
- Leverage GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC, LogicGate) to automate workflows, track compliance efforts, and generate risk and compliance reports for executive stakeholders.
Skills:
- Strong understanding of enterprise risk management and regulatory compliance standards.
- In-depth knowledge and hands-on experience with PCI DSS, SOC 1 / SOC 2, ISO 27001, and NIST CSF.
- Solid grasp of third-party risk management (TPRM) principles and practices.
- Experience assessing and managing risk associated with vendors and cloud service providers.
- Proficiency in reviewing and interpreting SOC reports, security assessments, and contractual obligations.
- Familiarity with GRC systems and platforms; experience with ServiceNow GRC or similar tools preferred.
- Excellent analytical, problem-solving, and risk assessment skills.
- Strong communication skills, with the ability to translate complex security and compliance issues into business-relevant language.
- Ability to build cross-functional relationships and lead multi-departmental initiatives.
- Capable of managing multiple concurrent projects in a fast-paced environment.
Required Education:
- Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field.
- 5-7 years of progressive experience in GRC, compliance, audit, or risk management roles.
- Minimum 2-3 years of direct experience managing PCI DSS and SOC 1 / SOC 2 compliance efforts.
- Proven experience developing and managing vendor risk and third-party assessment programs.
- Leadership or mentoring experience in a GRC or risk-focused role.
- Preferred professional certifications:
  - Certified Information Systems Auditor (CISA)
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Security Professional (CISSP)
  - Certified in Governance of Enterprise IT (CGEIT)
  - PCI Professional (PCIP) or similar PCI-related certification