Staff GRC Specialist

About The Position

Requirements

• 7+ years of experience in GRC, security engineering, or IT risk roles with strong product and architecture fluency
• Proven ownership of risk management programs, including risk registers, technical risk assessments, and executive-level reporting
• Deep knowledge of security and risk frameworks (ISO 27001, ISO 42001, SOC 2, NIST 800-53, NIST CSF, NIST AI RMF, HIPAA) and their application to real-world systems
• Strong understanding of cloud-native architectures and security controls across AWS, GCP, or Azure
• Experience with GRC platforms (e.g., Vanta, Drata, OneTrust, ServiceNow GRC) and workflow tools such as Jira Service Management
• Demonstrated ability to leverage AI-powered tools and agents to automate GRC workflows and scale risk operations

Nice To Haves

• Experience with quantitative risk frameworks such as FAIR, COSO, or ISO 31000
• Hands-on familiarity with AI/ML systems, agentic AI, MLOps, or AI safety governance
• Certifications such as CISSP, CISA, CRISC, or ISO 27001 Lead Auditor
• Prior experience navigating AI-specific regulations (e.g., EU AI Act) or emerging technology compliance frameworks

Responsibilities

• Owning the enterprise risk function, including development and continuous improvement of the Risk Register across identification, assessment, mitigation, and monitoring
• Conducting deep technical risk assessments across AI systems and products, data architectures, and inference infrastructure
• Reviewing risk for new products, features, applications, and datasets to embed security and compliance early in the development lifecycle
• Tracking mitigation efforts, escalating critical risks, and providing clear, contextualized risk insights to stakeholders and leadership
• Designing and delivering executive risk reporting, including quarterly briefings on emerging regulations, business changes, and compliance impact forecasts
• Building real-time risk and control health dashboards using GRC and data visualization platforms
• Leading AI risk assessments aligned with emerging standards (e.g., ISO 42001, NIST AI RMF, EU AI Act considerations)
• Optimizing AI risk intake and assessment workflows within Jira Service Management (JSM) Atlassian
• Leveraging AI-driven automation to scale risk activities such as control mapping, evidence validation, and risk correlation analysis
• Owning the Third-Party Risk Management program, including vendor risk assessments and integration with procurement and vendor workflows

Benefits

• Industry competitive pay
• Restricted Stock Units in a fast growing, well-funded technology company
• Health insurance package options that include HDHP and PPO, vision, and dental for you and your dependents
• Employer contributions to HSA accounts
• Paid Parental Leave
• Paid life insurance, short-term and long-term disability
• Teladoc
• 401(k) with a 100% match up to 4% of salary
• Generous paid time off and holiday schedule
• Cell phone reimbursement
• Tuition reimbursement
• Subscription to the Calm app
• MetLife Legal
• Company paid commuter benefit; $300/month