Senior Governance, Risk, and Compliance Specialist

CISSP, Cyber security, ISO/IEC 27001:2005, Governance, IT security, Information security, Information security governance, Intrusion prevention, Intrusion detection, SIEM, Security awareness, Vulnerability assessment, Compliance, Identity management, Security, Audit, Governance Risk Compliance
Full Time
$70,000 - $120,000
Work from home available. Travel not required.

Job Description

Wouldn't you like to work for one of the most prominent, award-winning, technology driven companies in Chicago with tons of energy and passion for what they do? If this sounds like the opportunity for you, please apply!


The Security GRC Specialist serves on the Governance, Risk, and Compliance (GRC) team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical and non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include lifecycle management of client responses, Policy & Standards lifecycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management.



  • Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed.
  • Technical writing for policies, standards and communications. Lead the creation and maintenance of security policies, standards, processes, guidelines and supporting documentation.
  • Lead, evaluate, and support the processes necessary to ensure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements.
  • Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
  • Serve as a subject matter expert for Information Security, consulting to technical and non-technical management and staff.
  • Manage and support the third-party Security Vendor Risk Management program and lifecycle.
  • Manage the exception request process and consult as needed.
  • Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs.
  • Manage and support the GRC technology platforms.
  • Conduct evaluations of an IT program or its individual components to determine compliance with published standards.


Education, Work Experience, Skills

  • Bachelor's degree or five (5) years of work experience in IT Security is required.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
  • Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, SIG… is required.
  • Technical writing experience is required. Experience with instructional content, educational writing, and technical writing is strongly preferred.
  • Four (4) years of Information Security experience required. Candidates with hands-on technical experience are preferred.
  • Three (3) or more years of experience managing timelines and being self-directed preferred.
  • Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred.



  • Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
  • Strong knowledge of risk management principles and practices.
  • Strong knowledge of security administration and role-based security controls.
  • Strong knowledge and use of GRC platforms.
  • Knowledge of host and network-based anti-malware technologies.
  • Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
  • Knowledge of client and server firewalling technologies and capabilities.
  • Knowledge of security event management (SIEM), event correlation and analysis technologies.
  • Knowledge of data encryption technologies.
  • Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
  • Knowledge of web filtering and email SPAM prevention techniques.
  • Knowledge of vulnerability assessment and forensic investigations tools.
  • Knowledge of mobile device security and Mobile Device Management solutions.
  • Knowledge of Privileged Access Management technologies.


Certificates, Licensures, Registrations

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Dice Id : 90969093
Position Id : 6663107
Originally Posted : 5 months ago