Senior Cybersecurity Specialist GRC

College of American Pathologists, Northfield, IL
$118,000 - $150,000, Onsite

About The Position

The Senior Cybersecurity Specialist – Governance, Risk & Compliance (GRC) provides senior-level leadership and subject matter expertise in the development, governance, and oversight of the organization’s security risk and compliance program. This role owns and maintains the enterprise security governance framework, policy lifecycle, and risk management processes. The Senior Cybersecurity Specialist – GRC establishes control requirements, ensures traceability to regulatory and framework obligations, and advises business and technology stakeholders on security risk and compliance matters. Operating in an advisory and governance capacity, this role does not perform operational execution of controls. Business and technology owners retain responsibility for implementation and risk acceptance decisions.

The Senior Cybersecurity Specialist – GRC:

  • Owns and maintains the enterprise security risk register and policy lifecycle.
  • Defines and governs security standards aligned to the enterprise security framework and applicable regulatory requirements.
  • Facilitates risk assessments and communicates security risks in business terms.
  • Coordinates audit and compliance activities and oversees remediation tracking.
  • Establishes and governs third-party security risk management practices.
  • Leads governance scoping activities for initiatives impacting the GRC domain.
  • Develops and reports key performance indicators related to governance, risk, and compliance maturity.
  • Escalates material risks through established governance channels and supports formal risk documentation processes.

Requirements

  • Strong written and verbal communication skills
  • Ability to influence without direct authority
  • Strong analytical and critical thinking skills
  • Ability to translate technical risk into business impact
  • High attention to detail and documentation discipline
  • Strong understanding of enterprise risk management principles
  • Experience developing and governing policy frameworks
  • Experience coordinating audits and regulatory assessments
  • Ability to manage multiple initiatives simultaneously
  • Proven ability to lead through influence in matrixed environments
  • Familiarity with enterprise security frameworks (e.g., NIST)
  • Understanding of regulatory and compliance obligations
  • Knowledge of risk assessment methodologies
  • Understanding of third-party risk management practices
  • Working knowledge of application, infrastructure, and cloud security principles sufficient to assess control adequacy
  • Bachelor’s degree in information systems, cybersecurity, business, or related field, or equivalent experience.
  • Minimum 8–10 years of experience in information security, governance, risk management, compliance, or related discipline.
  • Demonstrated experience leading policy development, risk assessments, and audit coordination activities.
  • Experience working within matrixed organizations.
  • Schedule flexibility to allow for availability required during the CAP’s non-business hours for activities such as resolution of critical issues or outages, managing off-hours maintenance, meetings with offshore teams, or other critical business needs.
  • Travel required when necessary; expected to be less than 10%.
  • This position requires candidates to reside within 75 miles of Northfield, IL and fulfill in-office requirements.

Nice To Haves

  • CISSP
  • CISM
  • CISA
  • CRISC

Responsibilities

  • Owns and maintains the enterprise information security policy lifecycle, including development, review, approval coordination, and periodic updates.
  • Develops and maintains security standards and control documentation aligned to the enterprise security framework and applicable regulatory requirements.
  • Ensures policies and standards are clearly communicated and accessible to business and technology stakeholders.
  • Partners with leadership to ensure security governance structures align with organizational objectives.
  • Owns and maintains the enterprise security risk register.
  • Facilitates risk assessments in collaboration with business and technology stakeholders.
  • Communicates security risks in clear business terms, including likelihood, impact, and recommended mitigation strategies.
  • Escalates material risks through established governance channels.
  • Supports the maturation and formalization of enterprise risk acceptance processes.
  • Coordinates enterprise security audit activities, including internal and external assessments.
  • Serves as primary liaison for security-related audit inquiries and evidence collection.
  • Oversees tracking and reporting of remediation commitments resulting from audits and assessments.
  • Ensures control documentation supports traceability to regulatory and framework requirements.
  • Establishes and maintains third-party security risk management standards and procedures.
  • Reviews and evaluates vendor security documentation and assessment results.
  • Advises business owners on third-party security risks and required mitigating controls.
  • Tracks remediation commitments and risk documentation related to third-party engagements.
  • Owns and maintains security standards, control requirements, and guidance within the assigned security practice domain.
  • Leads security scoping activities for enterprise initiatives involving controls within the assigned practice area.
  • Defines security requirements, deliverables, and acceptance criteria for initiatives impacting the practice domain.
  • Oversees alignment of implementation plans to established security standards.
  • Collaborates with project managers and business stakeholders to ensure security milestones are defined, tracked, and documented.
  • Escalates material deviations from established standards and supports formal risk documentation where appropriate.
  • Develops and maintains key performance indicators and metrics related to the assigned security practice domain.
  • Provides periodic reporting on control maturity, risk posture, and initiative progress.
  • Communicates practice-level performance insights to security leadership and relevant stakeholders.

Benefits

  • We offer a generous compensation and benefits package, 401K, and more -- visit Careers at the CAP for more details
  • CAP provides its employees with an energetic and collaborative work environment and encourages opportunities to further develop their skills, offering reimbursement for educational programs and participation in events that enhance your skills.