Sr. GRC Specialist

Miovision, Remote

About The Position

At Miovision, we are building the future of smart transportation to keep the world moving smoothly, but to do that, we need to ensure our internal risk and compliance systems are completely free of gridlock! We are looking for a highly capable Senior GRC Specialist to act as the ultimate traffic controller for our Enterprise Risk Management (ERM) and Governance, Risk, and Compliance (GRC) programs. Reporting directly to our GRC Manager, you will keep us in the fast lane by operationalizing our Unified Risk Management Framework across products, cloud platforms, and enterprise systems. We need a hands-on, execution-focused professional who can expertly navigate the busy intersections of ISO 27001, SOC 2, NIST, and FAIR, translating complex regulatory road signs into practical, actionable controls. If you are ready to steer risk assessments, prevent compliance traffic jams, and partner with teams across the organization to ensure a safe and secure ride for our mission-critical platforms, it is time to hit the gas.

Requirements

  • Extensive, hands-on experience in GRC, cyber risk, compliance, audit, or information security roles.
  • Highly proficient with modern GRC platforms and compliance management tools.
  • Strong working knowledge of at least three (3) of the heavy hitters: ISO 27001, SOC 2, NIST (CSF / RMF / 800-53), FedRAMP, FAIR, or COSO enterprise risk concepts.
  • Proven track record of building and operating robust risk registers, control frameworks, and reporting mechanisms.
  • Ability to translate dense, technical risks into clear, actionable business impacts.
  • Thrive in SaaS, cloud, or critical-infrastructure-adjacent environments (this is strongly preferred!).
  • Communicate effortlessly with everyone from strict external auditors to deep-in-the-weeds engineers and non-technical stakeholders.
  • Incredibly analytical mindset with razor-sharp attention to detail, accuracy, and critical problem-solving skills.
  • Valuable exposure to public-sector or highly regulated customer requirements (such as federal, state, municipal, or transportation agencies).

Responsibilities

  • Identify, assess, document, and track enterprise, cybersecurity, product, and third-party risks within Miovision’s risk register.
  • Execute daily GRC activities and maintain risk scoring, treatment plans, and evidence aligned with our Unified Risk Management Framework (ISO 27001, SOC 2, NIST, FAIR).
  • Track risk remediation and champion exception, deviation, and risk acceptance workflows, ensuring everything aligns with our defined risk appetite and business justifications.
  • Act as a central pillar during internal assessments and external audits, coordinating with internal control owners to collect, validate, and maintain rock-solid audit evidence.
  • Expertly field and prepare accurate, consistent responses for customer security questionnaires, RFPs, and due-diligence requests.
  • Support policy lifecycle activities, map controls across multiple frameworks to reduce duplication, and assist in building repeatable audit playbooks.
  • Partner closely with Engineering, Cloud Ops, IT, and Product to seamlessly embed risk controls into product development, cloud operations, and vendor onboarding.
  • Drive risk awareness, deliver security training, participate in cross-functional risk forums, and act as the vital bridge translating cybersecurity requirements to the broader business.
  • Take the reins on key GRC program components (like third-party risk or control testing), mentor junior analysts, drive process automation, and shadow the GRC Manager on executive reporting and strategic initiatives.

Benefits

  • Comprehensive health benefits
  • 24/7 virtual healthcare access
  • Dedicated wellness programs
  • RRSP/401K Matching Plan
  • Variable Incentive Plan
  • Unique Mio-Days
  • Flexible vacation policy
  • Flexible work options
  • Internet subsidy
  • Remote work allowance
  • Enhanced leave for new parents