GRC Specialist

BCM One•Herndon, VA

14h•Hybrid

About The Position

BCM One is looking to add a GRC Specialist to our growing global compliance team. In this role, you will bridge Information Security Governance, Risk & Compliance (GRC) and IT Service Management (ITSM) disciplines to strengthen our global IT operations and compliance posture. The GRC Specialist will work across security, compliance, and service management teams to ensure processes, controls, and IT services meet internal standards, industry regulations, and contractual requirements. This role will report to our Global Manager of Info Sec & GRC to support the monitoring, assessing, designing, implementing, and maintaining security processes that align with GRC frameworks. Additionally, the role will drive operational excellence, audit readiness, and risk mitigation.  You’ll collaborate with teams across global cross-functional teams to ensure consistent service delivery and compliance across our environment. Work Location: This position may be hybrid or fully remote. Preference will be given to candidates located in or near one of our office locations: Grand Rapids, Michigan; Herndon, Virginia; Alpharetta, Georgia; or Blue Bell, Pennsylvania. Candidates must live in and be authorized to work in the United States; this position is not eligible for relocation or sponsorship. Hours: Core hours are typically 8:00 a.m.–5:00 p.m. Eastern Time, with flexibility to support international teams. Travel: Travel is unlikely but could include a less than 5 trips per year to international offices.

Requirements

5+ years of experience in Security Governance, Risk & Compliance
Strong knowledge of GRC frameworks such as ISO 27001, SOC 2, NIST 800-53, CIS Controls, GDPR
Proven experience supporting internal and external audits
Ability to identify, assess, and prioritize risks using risk-based thinking and sound judgment
Skilled at monitoring security and compliance performance through KPIs, SLAs, and OLAs
Strong documentation, analytical, organizational skills, and attention to detail
Ability to manage multiple priorities and deadlines in a fast-paced, global environment
Excellent communication skills, able to explain technical and compliance concepts to non-technical audiences
Experience working cross-functionally with IT, security, compliance, and business teams across geographies
Familiarity with ITIL processes (incident, problem, change, request, asset/configuration management)
Proactive mindset with a commitment to integrity, confidentiality, and continuous learning

Nice To Haves

Security/GRC certifications (e.g., CISSP, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CompTIA Security+)
Experience with IT Service Management, systems administration, and regulated industries (telecommunications, finance, healthcare)
Experience working in global, multicultural teams and adapting to diverse cultures

Responsibilities

Support development, implementation, and maintenance of GRC frameworks (e.g., ISO 27001, SOC 2, GDPR).
Conduct risk assessments, control testing, compliance monitoring, and third-party security evaluations.
Assist with internal/external audits by preparing evidence, reports, and remediation plans.
Maintain documentation of policies, procedures, and controls per global standards.
Collaborate with Privacy/Legal on data protection and facilitate privacy impact assessments.
Facilitate Business Impact Assessments and oversee Business Continuity testing and updates.
Monitor and report on Security GRC metrics to identify risks and improvement opportunities.
Support change management to ensure security and compliance with minimal disruption.
Coordinate between IT, Security, and Compliance teams to align service delivery with regulatory requirements.
Deliver training and awareness programs, including phishing simulations and compliance education.
Recommend and implement process improvements to reduce risk and enhance operational efficiency.