About The Position

Supports the organization's governance, risk, and compliance program by executing audit activities, maintaining the risk register, and ensuring adherence to applicable cybersecurity frameworks and regulatory standards. Participates in compliance assessments, evidence management, policy governance, and third-party risk reviews across IT and OT environments.

Requirements

  • Bachelor’s degree in Information Technology, Computer Science, Engineering, or related field.
  • 5 years of related experience in information security governance, risk management, compliance, or audit functions.
  • Demonstrated experience executing audit plans, maintaining risk registers, and supporting compliance programs.
  • Experience working with cybersecurity frameworks such as NIST CSF, CIS Controls, NERC CIP, or equivalent standards.
  • Experience with evidence repositories, compliance dashboards, and GRC tools.
  • Experience collaborating with cross-functional technical teams and external auditors in a regulated or highly controlled environment preferred.
  • Associate’s degree in Information Technology or Computer Science may substitute when accompanied by a minimum of 8 years of experience in information security governance, risk management, compliance, or audit functions and at least 5 years of experience in a previous Specialist role.
  • Knowledge of governance, risk, compliance, and audit frameworks (NIST CSF, CIS v8, NERC CIP, PR Cybersecurity Act).
  • Strong analytical and critical thinking skills with ability to interpret complex data.
  • Understanding of relevant laws, regulations, and industry standards applicable to IT/OT environments.
  • Excellent communication skills, with the ability to translate complex technical concepts for non-technical audiences.
  • Ability to collaborate effectively with cross-functional teams and external auditors.
  • Strong planning and organizational skills, with the ability to manage multiple audit and compliance workstreams simultaneously.

Nice To Haves

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Additional NIST, NERC CIP, or cybersecurity framework certifications

Responsibilities

  • Executes IT/OT security risk assessments and compliance reviews aligned with the LUMA Cybersecurity Controls (LCC) Program and regulatory frameworks to strengthen organizational security posture and ensure regulatory adherence.
  • Maintains and updates the risk register and self‑identified issue tracker to ensure timely documentation, accurate status reporting, and appropriate escalation of risks.
  • Supports and executes IT audit activities by assessing compliance with information security policies, general IT controls, and identity and access management, while coordinating third‑party assessments to ensure comprehensive evaluation and effective closure of audit findings.
  • Conducts regulatory compliance assessments against NIST Cybersecurity Framework (NIST CSF), CIS Critical Security Controls (CIS) v8, PR Cybersecurity Act, North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), Computer Fraud and Abuse Act (CFAA), and other applicable standards to identify control gaps and track remediation progress.
  • Monitors technology projects to validate adherence to secure‑by‑design principles across IT and OT environments to reduce security vulnerabilities at the architectural stage.
  • Supports incident response activities through review of data protection controls, user access, log reports, and restricted information to ensure policy‑aligned containment and mitigation efforts.
  • Prepares monthly and quarterly compliance and audit reports, including risk trends and remediation status, to inform leadership decision‑making with data‑driven insights.
  • Supports the integration of cybersecurity and compliance requirements into vendor contracts and onboarding processes to strengthen third‑party risk management.
  • Delivers cybersecurity awareness and training sessions across IT/OT teams to reinforce compliance culture and organizational readiness.
  • Follows established company policies, procedures, and standards to ensure full compliance with applicable laws and industry regulations.
  • Participates in storm restoration tasks and assigned drills to contribute to the safe and reliable recovery of services.
  • Performs additional tasks aligned with role expectations and qualifications to support team goals and operational flexibility.

Benefits

  • LUMA Energy is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, military status, disability, or any other characteristic protected by federal or local laws.