IT Governance Risk Compliance Specialist

XTG Careers | Dallas, TX
3h | Hybrid

About The Position

The IT Governance, Risk & Compliance (GRC) Specialist is a key member of the IT and security team, responsible for managing, enhancing, and supporting the organization’s governance, risk management, and compliance initiatives. This role ensures continuous readiness for regulatory requirements, internal policies, and industry standards, while partnering with Security Operations and Infrastructure teams to convert expectations into manageable processes. The GRC Specialist assists in audits, risk assessments, and compliance documentation, and maintains a strong security and governance posture. The Exponential Technology Group (XTG) is a specialist in the electronic component distribution and design engineering services industries. XTG is part of the TTI Family of Companies. This position can be on-site, hybrid, or remote, with the ideal candidate located in the DFW market.

Requirements

  • Bachelor’s degree in Information Technology, Cybersecurity, or related field (or equivalent experience) and four (4) – seven (7) years in security, compliance, audit with three (3) years managing GRC programs.
  • Hands-on experience with NIST 800-171/CMMC, DFARS, ITAR, GDPR.
  • Knowledge of governance, risk, and compliance frameworks (ISO 27001, NIST, CMMC, GDPR).
  • Familiarity with IT security controls and audit processes.
  • Experience with audits, POA&Ms, evidence repositories.
  • Strong analytical, documentation, and communication skills.

Nice To Haves

  • Experience with GRC tools (e.g., ServiceNow GRC, Archer) is a plus.
  • Strong understanding of security operations.
  • Preferred Qualifications: CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CMMC RP/CP.
  • CompTIA Security+ (for security knowledge).
  • DoD/government contractor experience.
  • Exposure to Berkshire Hathaway audit practices.
  • Tools & Stack Exposure: GRC/IRM platforms, Microsoft 365 Defender, Sentinel, Entra ID, Jira/ServiceNow, SharePoint, vulnerability scanners, backup/DR tools

Responsibilities

  • Governance: Help create, maintain, and promote compliance with IT/security policies mapped to frameworks (NIST 800-171, ISO 27001, CMMC, GDPR, ITIL). Establish control baselines and collaborate with Security Ops for implementation. Run Policy Council cadence with stakeholders.
  • Risk Management: Establish and maintain IT risk register. Conduct IT risk assessments and support POA&M remediation. Monitor and report on risk posture and compliance gaps. Coordinate business impact analyses aligned with DR/BCP.
  • Compliance & Audit: Guide CMMC Level 2 program management (gap analysis, POA&M tracking, evidence collection). Maintain DFARS, ITAR, GDPR, and other global regulatory requirements. Orchestrate internal/external audits and remediation. Prepare and maintain audit documentation for internal and external assessments. Maintain centralized evidence repository.
  • Operational Support: Collaborate on patching, access reviews, and configuration compliance. Assist in business continuity and disaster recovery planning documentation.
  • Security Alignment: Partner with Security Ops on controls to meet regulatory obligations. Own compliance documentation for incidents and lessons learned.
  • Third-Party & Supply Chain Risk: Run vendor due diligence and review contract/security clauses. Track service provider controls and exceptions.
  • Privacy: Coordinate with Legal/HR on privacy impact assessments, data mapping, retention, and transfers. Confirm global privacy alignment in tooling and processes.
  • Training & Awareness: Create annual compliance training and maintain records. Provide targeted sessions for admins on evidence quality and audit readiness.
  • Reporting: Generate compliance dashboards and risk reports for leadership review. Deliver monthly compliance and risk dashboards. Provide quarterly briefings to leadership.

Benefits

  • Medical/Dental/Vision
  • 401(k)/Roth plan with matching
  • Healthcare Savings Accounts
  • Educational Assistance (Tuition Reimbursement)
  • Ongoing training throughout your employment with opportunities to participate in professional and personal development programs
  • A strong focus on giving back to our communities through philanthropic opportunities
  • Great culture and opportunities for growth and advancement