Security Governance and Risk Management Specialist

About The Position

Requirements

• Experience in security governance, program management, and metrics tracking.
• Strong knowledge of security standards and frameworks (NIST, ISO, PCI).
• Skilled in IT and third-party risk assessments and risk register management.
• Expertise in third-party risk management and vendor assurance.
• Ability to lead audits, manage compliance, and coordinate incident response.
• Strong communication and collaboration skills.

Responsibilities

• Support and manage the Security GRC program and track key metrics.
• Monitor regulatory changes and assess their impact on security controls.
• Develop and maintain security standards, policies, and control frameworks (NIST, ISO, PCI).
• Conduct IT and third-party risk assessments; maintain risk and controls register.
• Manage third-party risk by reviewing vendor certifications and aligning controls.
• Lead or assist in security audits, compliance activities, and incident escalation.
• Participate in security awareness and training programs.