GRC Specialist (1030)

Charlotte, NC, US • Posted 1 day ago • Updated 2 hours ago

Full Time

On-site

Fitment

Dice Job Match Score™

🫥 Flibbertigibetting...

Job Details

Skills

Process Improvement
Reporting
Penetration Testing
Data Flow
Hosting
Data Security
Encryption
Identity Management
Collaboration
Regulatory Compliance
Decision-making
Banking
Financial Services
SaaS
IaaS
Information Security
Cyber Security
Gramm-Leach-Bliley Act
ISO/IEC 27001:2005
Privacy
Operating Systems
Database
Communication
Organized
Attention To Detail
Management
Microsoft Excel
JIRA
Risk Management
SAP GRC
Risk Assessment
System On A Chip
Security+
CompTIA
Cloud Computing
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Google Cloud
Cisco Certifications
ISACA

Summary

LOCATION: Hybrid - Charlotte, NC

Contract, potentially to hire

W2 only - NO 3RD PARTIES PLEASE

As an Associate within GRC, you will play a vital role in protecting information assets by conducting comprehensive risk assessments, collaborating with stakeholders, and driving process improvements. Reporting to the Head of Security Risk Assessments, you will help shape security risk management practices and ensure compliance with internal and external standards.
Core Responsibilities

Perform information security risk assessments for new and existing SaaS and cloud-based solutions, client initiatives, and regulatory-driven requests.
Review and assess third-party security postures by analyzing SOC 1 and SOC 2 reports, ISO 27001 certifications, penetration test summaries, SIG responses, and security questionnaires.
Evaluate SaaS architectures, data flows, and hosting models, with particular attention to data protection, encryption, identity and access management, logging, and monitoring.
Identify control gaps, assess both inherent and residual risk, and partner with stakeholders to define practical mitigation strategies or compensating controls.
Translate technical and operational risks into clear, business-focused language that resonates with both technical and nontechnical audiences.
Collaborate regularly with IT, business, risk, and compliance teams to support timely, well-informed decision making.
Support remediation efforts by tracking open issues, validating responses, and documenting outcomes through established governance processes.
Stay current with information security policies, standards, and procedures, and help stakeholders understand how changes may impact risk assessments.
Contribute to the ongoing improvement of risk assessment processes, templates, and tooling.

Required Experience and Skills

2-3 years of experience in banking, financial services, or another highly regulated environment.
Hands-on familiarity with cloud service providers such as AWS, Azure, or Google Cloud Platform, and an understanding of how SaaS applications are built on cloud infrastructure.
A solid foundation in information security principles, risk assessment concepts, and control-based evaluations.
Working knowledge of common security and regulatory frameworks, including NIST, NYDFS Cybersecurity Regulation, GLBA, ISO 27001, NIST CSF, and data privacy regulations such as CCPA/CPRA.
Basic understanding of enterprise systems, operating systems, databases, and identity and access concepts.
Strong written and verbal communication skills, with the ability to explain security risk clearly and concisely.
Comfortable working independently while also collaborating effectively across technical and business teams.
Well-organized, detail-oriented, and able to manage multiple assessments and competing priorities.
A strong sense of ownership and follow-through.
Ability to track and maintain risk assessment data and metrics using tools such as Microsoft Excel, Jira, or similar platforms.

Preferred / Nice to Have

Experience supporting third-party or vendor risk management programs.
Exposure to GRC platforms or security risk assessment tools.
Experience reviewing and interpreting SOC reports.
Current or in-progress security certifications (e.g., CompTIA Security+, CompTIA Cloud+, AWS, Azure, Google Cloud Platform, CCSP, CRISC).

#LI-NG1
```

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: sharpdec
Position Id: 52327
Posted 1 day ago

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Charlotte, North Carolina

•

Today

Location: Dallas, TX, Charlotte, NC or Middletown, NJ Position Overview: Role Overview: Responsible for end-to-end technology risk lifecycle management within a specific security domain (Network & Security Architecture). Reports to the area s Associate Director and acts as the primary risk advisor for assigned domain leaders. Key Responsibilities: Identify, assess, and monitor technology risks and controls within the assigned domain. Lead and drive risk assessments, issues management, and rem

Contract

Cyber Security Risk Management Lead IAM - onsite

Charlotte, North Carolina

•

Today

Job Title: Cyber Security Risk Management Lead IAM & Insider Threat Location: Dallas, TX, Charlotte, NC or Middletown, NJ Duration: 6 Month with potential to hire NOTE:w hile the roles are not deeply technical, candidates must have enough technical understanding to evaluate controls, analyze data, and drive risk management processes, as well as strong critical thinking, analytical, and communication skills. Position Overview: Role Overview: Responsible for end-to-end technology risk lifecycl

Contract

Cyber Security Risk Management Lead Infrastructure & Data Security - onsite

Charlotte, North Carolina

•

Today

Location: Dallas, TX, Charlotte, NC or Middletown, NJ Duration: 6 Month with potential to hire NOTE: while the roles are not deeply technical, candidates must have enough technical understanding to evaluate controls, analyze data, and drive risk management processes, as well as strong critical thinking, analytical, and communication skills. Position Overview: Role Overview: Responsible for end-to-end technology risk lifecycle management within a specific security domain (Infrastructure & Data

Contract

Information Security Engineer 4 - Contingent

Charlotte, North Carolina

•

Today

Position: Information Security Engineer/Vulnerability Testing Engineer Location: Charlotte, North Carolina , Chandler AZ, Irving TX Duration: Contract Job ID: 174933 Pay Range: 75$-80$ Job Overview: This position involves consulting on complex initiatives with broad impact and large-scale planning for Information Security Engineering. The role requires reviewing and analyzing multi-faceted, larger-scale, or longer-term Information Security Engineering challenges that demand in-depth evaluat

Easy Apply

Full-time

USD 75.00 - 80.00 per hour

Search all similar jobs

GRC Specialist (1030)

Dice Job Match Score™

Job Details

Skills

Summary

Similar Jobs