Senior Cyber GRC Specialist

Nassau | Hartford, CT
3d | $85,000 - $100,000

About The Position

The Senior Cyber GRC Specialist supports the development and maturity of our cGRC programs, ensuring compliance with internal policies and external regulations, and providing tactical guidance to the organization. The ideal candidate will have 3-5 years of experience in governance, risk, and compliance, with a specific focus on information technology and/or cybersecurity, along with relevant industry certifications.

Requirements

  • 3-5 years of experience in GRC, risk management, compliance, or IT Audit.
  • In-depth understanding of regulatory requirements and industry standards (e.g., NYS DFS, NIST CSF, SOC1/2, Sarbanes-Oxley/MAR).
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills.
  • Demonstrates strong business writing skills, including the ability to craft clear, concise, and professional communications and reports.
  • Ability to work independently and as part of a team.
  • Proficiency in GRC tools and software, such as AuditBoard and Drata.
  • Knowledge of AI regulations and industry practices, including frameworks and risks.

Nice To Haves

  • Relevant industry certifications such as CISSP, CISA, CRISC, CGRC or similar preferred.
  • Familiarity with reporting and visualization tools desired (e.g., PowerBI).
  • Demonstrated leadership and project management skills.

Responsibilities

  • Serve as subject matter expert in the development, implementation, and maintenance of cGRC policies and procedures.
  • Conduct comprehensive cGRC risk assessments to identify, evaluate, and prioritize risks across the organization, providing required and recommended mitigation action items.
  • Conduct operational risk assessments of external vendors and service providers under the third-party risk management framework.
  • Monitor and report on compliance with regulatory requirements and internal policies.
  • Collaborate with various departments to ensure adherence to cGRC standards.
  • Maintain and update risk registers and compliance documentation.
  • Manage metrics related to cybersecurity risks, non-compliant vendors, and vendor security incidents.
  • Create and maintain dashboards and reports to show cGRC status.
  • Perform other duties as assigned.