Governance, Risk and Compliance (GRC) Specialist

BENEFITS: Medical, dental, and vision insurance, 401K, sick leave, and employee assistance program. Depending on your package selection, Averro offers PTO, paid holidays, and legal insurance.

EXTENSION/CONVERSION: Eligible

ROLES & RESPONSIBILITIES

Our client is seeking a Governance, Risk and Compliance (GRC) Specialist to join our growing Information Security team. A successful candidate has a proven track record of achieving positive results through cross-functional collaboration while overcoming the challenges of a rapidly growing organization, regulatory obligations, and dynamic operational requirements.

As a GRC Specialist, you will be responsible for ensuring cybersecurity strategies and policies are in compliance with industry regulations and mitigate risks to ensure data security. You will partner with Legal, Compliance and Regulatory Affairs staff to develop and enforce policy and monitor compliance with applicable requirements. You will also work with various teams within the organization to identify risks and develop and implement effective risk management strategies.

• Partner with Legal, Compliance, and Regulatory Affairs to manage overall compliance with internal policies, nuclear regulations (NIRMA, CFR), applicable law (HIPAA, GDPR), and information security industry standards (NIST, ISO/IEC).
• Develop, maintain, and enforce the organization's information security policies, processes, and procedures.
• Manage the company s System Security Plan (SSP) in alignment with our security controls.
• Maintain the company s cybersecurity Plan of Action and Milestones (POA&M) assigning risk values to the matrix to drive priority.
• Conduct and participate in internal and external audits for compliance with applicable laws, regulations, and industry standards.
• Develop and maintain an effective cybersecurity risk management program, including risk assessments, vulnerability assessments, and threat assessments.
• Assist in creating, maintaining and reporting of a corporate Risk Register for leadership review.
• Work with cross-functional teams to identify and assess security vulnerabilities and develop effective mitigation strategies.
• Ensure incident response policies, playbooks, and escalation procedures are in place.
• Contribute to development of information security awareness training to ensure all staff members are knowledgeable with the organization s cybersecurity policies, procedures, and standards.

ESSENTIAL SKILLS AND EXPERIENCE

• Minimum of 5 years of experience in cybersecurity governance, risk, and compliance roles.
• Knowledge of industry regulations and standards, such as NIRMA, Code of Federal Regulations (10 CFR Part 810), HIPAA, FedRamp, CMMC, GDPR, NIST Cybersecurity Framework (especially 800-53 and 800-171), ISO 27001, etc.
• Proven track record of coordinating with external auditors and participating in compliance audits.
• Strong analytical, critical-thinking, and problem-solving skills, with the ability to identify and assess risks and develop effective mitigation strategies.
• Excellent communication skills, both verbal and written, with the ability to communicate complex cybersecurity concepts to technical and non-technical audiences.
• Willing to share knowledge and assist others in understanding technical and business topics.
• Strong project management skills, with the ability to manage multiple projects simultaneously and meet tight deadlines.
• Familiarity with security assessment tools and techniques, such as vulnerability scanning and penetration testing.
• The successful candidate will possess a high degree of trust and integrity, communicate openly and display respect and a desire to foster teamwork.

REQUIRED QUALIFICATIONS:

• Bachelor's degree in Computer Science, Information Security, or related field.
• At least one industry certification (e.g., CISA, CISM, CGEIT, CRISC, CISSP, ISAAP, GRCP).
• Experience effectively managing security controls in hybrid (Cloud & on-prem) environments.
• Experience working in a heavily regulated industry.
• Project management experience is preferred.

WHY AVERRO?

VETERAN OWNED: We support and place a high number of veterans.

Averro is an equal opportunity employer, and we are committed to diversity, equity, and inclusion in the workplace. All qualified applicants will receive consideration for employment, regardless of criminal histories, consistent with legal obligations. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

View our privacy policy here: