Information Security GRC Specialist
About The Position
This role provides a pivotal opportunity to shape and maintain an organizationâs information security governance, risk, and compliance (GRC) program. You will oversee security policies, technical standards, and procedures while coordinating internal and external security assessments. The position demands both strategic oversight and hands-on engagement with cross-functional teams, ensuring alignment with regulatory and industry standards. You will identify, assess, and mitigate security risks while driving continuous improvement in compliance processes. Collaboration with technical, regulatory, and business teams is key, and the role emphasizes proactive, high-quality, and automated approaches to GRC. Ideal candidates are analytical, detail-oriented, and adept at translating technical findings into actionable business insights.
Requirements
- Minimum of 5 years in Information Security GRC roles.
- At least 3 years leading or coordinating internal compliance assessments, audits, or strategic maturity evaluations.
- Strong knowledge of information security frameworks (ISO/IEC 27000 series, COBIT, NIST SP 800-xx, NIST CSF, CIS).
- Experience with regulatory and cybersecurity requirements applicable to financial or fintech organizations.
- Proficiency in scripting, JSON/YAML configurations, command-line tools, and basic automation.
- Ability to analyze data from logs to identify trends and derive actionable insights.
- Certified Information Systems Auditor (CISA) or equivalent credentials.
- Knowledge of AWS Cloud Infrastructure or AWS Certified Cloud Practitioner.
- Strong communication, collaboration, and stakeholder management skills.
- Detail-oriented with a proactive and continuous learning mindset.
Nice To Haves
- ISO 27k Lead Auditor, CISSP, PMP certifications, cloud security best practices, Agile/PMI methodologies, and familiarity with GDPR or other international regulations.
Responsibilities
- Maintain, implement, and continuously improve the Information Security GRC program.
- Coordinate internal and external audits, compliance assessments, and maturity evaluations.
- Ensure adherence to regulatory, contractual, and industry information security standards.
- Collaborate with cross-functional teams to embed security controls into technical and business processes.
- Conduct risk assessments, monitor control effectiveness, and recommend remediation strategies.
- Support adoption and consistent application of security policies, procedures, and technical standards.
- Leverage automation and Agile approaches to shift from manual compliance to integrated, continuous practices.
- Provide reporting, metrics, and insights to stakeholders and senior management.
Benefits
- Remote-first work environment with global collaboration.
- Unlimited paid time off through the Me Time program.
- Employee stock options and premium health, dental, and life insurance in multiple countries.
- Extended family leave (4 months for all parents, birthing or non-birthing, and adoptive).
- Zero trading fees via internal crypto platforms.
- Monthly stipend for wellness, fitness, sports, learning, and entertainment activities.
- Opportunities for professional growth and to make a meaningful impact in information security and risk management.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
