Beacon Hill is now hiring for a fully remote GRC specialist who has experience working in the energy sector. This is a contract-to-hire position with occasional travel.
Job Responsibilities
Support governance, risk, and compliance initiatives across the organization
Maintain security documentation, policies, and compliance records
Coordinate audit activities and compliance evidence collection
Track remediation efforts, audit findings, exceptions, and risk treatment plans
Conduct control testing, risk assessments, and vendor reviews
Assist with mapping controls to security and compliance frameworks
Maintain risk registers, control inventories, and compliance reporting
Partner with internal stakeholders to support security and regulatory requirements
Monitor compliance trends and contribute to continuous improvement of the security program
Requirements
3+ years of experience in GRC, cybersecurity compliance, IT audit, information security, or related areas
Knowledge of frameworks including NIST, ISO 27001, SOC 2, and CIS Controls
Experience supporting audits, control testing, evidence collection, and remediation activities
Ability to develop and maintain security policies, standards, and procedures
Experience with risk assessments, compliance reviews, and vendor risk management
Strong documentation, organizational, and communication skills
Experience collaborating with IT, Security, Engineering, Legal, Compliance, and other business teams
Working knowledge of cloud security, identity and access management, vulnerability management, and incident response
Nice to have
Experience in regulated or critical infrastructure industries
Relevant certifications such as CISA, CISM, CISSP, CRISC, Security+, or ISO 27001
Experience with GRC platforms including ServiceNow GRC, Archer, OneTrust, AuditBoard, LogicGate, Drata, or Vanta
Familiarity with privacy, data protection, and third-party risk management programs
Experience creating compliance reporting, risk dashboards, and executive-level presentations