CrawlJobs Logo

Information Security Governance, Risk and Compliance Specialist

· Job Posted March 01, 2026
Apply Position
Job Link Share

Job Description

The Information Security Governance, Risk and Compliance (GRC) Specialist is a seasoned subject matter expert, responsible for supporting the organization's information security program by assessing risks, implementing security controls, ensuring compliance, managing security awareness initiatives, and contributing to policy development. This role collaborates with internal teams to enhance security practices and maintain a strong security posture.

Job Responsibility

  • Assists in conducting risk assessments and vulnerability assessments
  • Contributes to the development and maintenance of security policies and procedures
  • Collaborates with internal stakeholders to ensure compliance with industry standards and regulations
  • Participates in security awareness and training initiatives
  • Supports incident response activities and investigations as required
  • Monitors and reports on security compliance metrics
  • Assists in the implementation of security controls and best practices
  • Stays updated with emerging security threats and trends
  • Performs any other related task as required

Requirements

  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP desirable
  • Seasoned experience in information security or related roles
  • Seasoned exposure to risk assessment, compliance, security awareness, or policy development is beneficial
  • Seasoned familiarity with information security frameworks and standards
  • Seasoned understanding of risk assessment methodologies, compliance, and policy development
  • Strong communication and interpersonal skills for effective collaboration
  • Strong attention to detail and ability to follow established processes
  • Seasoned project management skills for coordinating security initiatives

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Information Security Governance, Risk and Compliance Specialist

8 matching positions

Senior Information Security Governance, Risk and Compliance Specialist

The Senior Information Security Governance, Risk and Compliance (GRC) Specialist...
Location
Location
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP preferred
  • Advanced experience in information security, including GRC-related roles
  • Advanced experience in leading risk assessments, compliance efforts, security awareness initiatives, and policy management
  • Advanced understanding of information security frameworks and standards
  • Advanced proficiency in conducting risk assessments, analyzing security controls, and policy management
  • Excellent communication and interpersonal skills for collaborating with various stakeholders
  • Strong project management skills for handling security initiatives
  • Advanced familiarity with legal and compliance aspects related to information security
Job Responsibility
Job Responsibility
  • Leads risk assessments and gap analyses to identify vulnerabilities and recommends risk mitigation strategies
  • Develops and maintains security policies, standards, and procedures
  • Collaborates with legal and compliance teams to ensure adherence to regulatory requirements
  • Provides guidance and support to junior GRC team members
  • Assists in the creation and delivery of security awareness and training programs
  • Participates in security incident response activities as needed
  • Contributes to the continuous improvement of the information security program
  • Assists in policy management and refinement
  • Performs any other related task as required
  • Fulltime
Read More
Arrow Right

Information Security Integration and Governance Specialist

Within Airbus Defence and Space SAU, Corporate Security operates under a holisti...
Location
Location
Spain , Getafe Area
Salary
Salary:
Not provided
airbus.com Logo
Airbus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • University degree in Computer Science, Engineering, Telecommunications, Information Systems, or a related field
  • Relevant industry certifications are highly valued (e.g. CISSP, CISM, CISA, ISO/IEC 27001 Lead Implementer/Auditor)
  • Deep understanding of risk analysis: proven experience leading and documenting comprehensive Information Security Risk Assessments (RAR) and defining effective mitigation strategies. Knowledge of MAGERIT and EBIOS methodologies and tools (Pilar / Fence)
  • Regulatory Compliance Mastery (ENS, CCN-STIC…)
  • Accreditation and Audit Management: extensive hands-on experience in managing security audits and supporting system accreditation/certification processes (eg. ISO 27001, ENS compliance)
  • Penetration Test Coordination: experience coordinating penetration testing (overseeing the scope, evaluating technical results, and tracking remediation plans)
  • Security Architecture/Controls: solid understanding of technical security controls across network, system, and application layers, and the ability to interface with IT/DevOps teams
  • Security Project Management: Demonstrated ability to manage and deliver security implementation projects on time and within budget, translating high-level policy into actionable tasks
  • Deviation Management: experience defining, managing, and tracking security exceptions or deviations, including risk acceptance and compensating control documentation
  • Stakeholder communication: excellent written and verbal communication skills to effectively bridge the gap between Corporate Security management and IT operation teams
Job Responsibility
Job Responsibility
  • Strategic Interconnection: Act as the interface and point of contact between the Corporate Security area and the Digital area, translating security requirements into applicable technical solutions
  • Risk Management and Analysis: Lead the analysis, assessment, and treatment of security risks, identifying vulnerabilities and proposing countermeasures to mitigate the potential impact on company assets
  • Regulatory and Legal Compliance: Ensure strict knowledge and compliance with Spanish and international applicable regulations (eg ENS, CCN-STIC, NIS2, CRA, ISO 27001, NATO, EU, PART-IS, CMMI, NIST), as well as actively participating in accreditation processes and system certification
  • Audit and Accreditation: Coordinate security audits (internal and external) and manage the necessary documentation and evidence for system accreditation processes
  • National networks: provide technical expertise and support to the Spanish NISO (National Information Security Officer) in evaluating and defining the security conditions required to answer the demands for different areas regarding interconnections and geographical extensions of our national network
  • Security Project Management: lead or participate in the management of key projects aimed at implementing, updating, or reinforcing security controls and tools
  • Deviation Management: administer and document the security deviation management process, evaluating its associated risk and establishing mitigation plans
  • Support the Spanish NISO in the implementation of the company digital security strategy within the framework of the national laws and regulations and in the implementation of technical and organization measures to identify, resort and manage cyber security risks
  • Fulltime
Read More
Arrow Right

Risk and Compliance Specialist

We are looking for a Risk and Compliance Specialist to join a contract opportuni...
Location
Location
United States , Chicago
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Risk Management, Information Systems, Cybersecurity, or a related discipline
  • 1–3+ years of experience in risk management, internal audit, IT compliance, or a similar function
  • Background in a Big 4 environment and possession of a recognized certification such as CISA or an equivalent credential
  • Working knowledge of IT audit and compliance frameworks, including COBIT, ISO/IEC standards, NIST 800-53, and SOC controls
  • Hands-on experience with ITGC reviews, audit support, audit findings management, and access control concepts
  • Ability to explain technical risk clearly to varied audiences and convert regulatory requirements into practical business solutions
  • Advanced proficiency with Microsoft Office applications and strong written and verbal communication skills
Job Responsibility
Job Responsibility
  • Partner with security, technology, and product teams to evaluate risks, improve control design, and support a consistent compliance posture across the organization
  • Perform assessments of IT general controls, including user access, change governance, segregation of duties, operational procedures, asset oversight, encryption practices, and secure development controls
  • Support internal and external audit activities by preparing documentation, organizing evidence, and helping address findings through clear remediation plans
  • Apply recognized frameworks such as COBIT, ISO 27001, ISO 27018, NIST 800-53, and SOC-related standards to review controls and identify gaps or improvement opportunities
  • Translate audit and regulatory requirements into repeatable processes that reduce manual effort while improving the quality and defensibility of compliance activities
  • Create process maps, control narratives, and other supporting materials that clearly document workflows, risks, and control ownership
  • Contribute to security risk assessments and control testing efforts to validate that policies and procedures are operating effectively
  • Assist with the development or enhancement of automated evidence gathering and reporting methods, including integration with audit, ticketing, or asset management platforms where applicable
What we offer
What we offer
  • Medical, vision, dental, and life and disability insurance
  • enrollment in company 401(k) plan
Read More
Arrow Right

IT Risk and Compliance Specialist

We are looking for an experienced IT Risk and Compliance Specialist to join our ...
Location
Location
United States , Littleton
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience with cybersecurity frameworks, IT governance, and compliance standards
  • Proven ability to write clear and concise IT policies, procedures, and technical documentation
  • Solid understanding of IT systems, including networks, servers, endpoints, cloud platforms, and security tools
  • Expertise in asset inventories, software inventories, and vulnerability management
  • Strong collaboration skills to work with technical teams and translate processes into actionable documentation
  • Familiarity with project management tools such as Monday.com or similar platforms
  • Ability to work independently and manage documentation deliverables with minimal supervision
  • Excellent organizational and communication skills to ensure high-quality outputs
Job Responsibility
Job Responsibility
  • Create, update, and maintain IT policies, procedures, and documentation aligned with security frameworks
  • Analyze existing cybersecurity practices to identify gaps and recommend documentation improvements across approximately 15 domains
  • Develop materials for areas such as enterprise asset control, software management, vulnerability management, and malware defenses
  • Collaborate with internal subject matter experts and technical teams to gather accurate information for documentation
  • Build and track compliance artifacts while ensuring they meet regulatory and organizational standards
  • Access sensitive systems and environments to collect necessary data for documentation
  • Ensure documentation is structured, stored, and updated consistently to support compliance efforts
  • Provide estimates on time, effort, and scope required to achieve compliance goals
  • Utilize workflow and project management tools effectively to coordinate documentation deliverables
What we offer
What we offer
  • medical, vision, dental, and life and disability insurance
  • eligible to enroll in our company 401(k) plan
Read More
Arrow Right

IT Risk and Compliance Specialist

We are looking for an experienced IT Risk and Compliance Specialist to join our ...
Location
Location
United States , Santa Ana
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Information Systems, Computer Science, Accounting, or a related field
  • advanced degree preferred
  • Minimum of 7 years of experience in IT audit, compliance, or risk management roles
  • Strong knowledge of IT general controls, cybersecurity frameworks, and regulatory compliance requirements
  • Proven expertise in managing audits and compliance initiatives within large organizations
  • Relevant certifications such as CISA, CISSP, or similar are highly desirable
  • Exceptional analytical and problem-solving abilities to address complex challenges
  • Strong communication skills to effectively engage technical and non-technical stakeholders
  • Ability to manage multiple priorities and work efficiently in a fast-paced environment
Job Responsibility
Job Responsibility
  • Conduct comprehensive IT audits to evaluate the effectiveness of controls, security protocols, and operational processes
  • Perform risk assessments to identify vulnerabilities within IT systems and procedures, ensuring timely mitigation
  • Manage third-party risk assessments to evaluate vendor compliance and identify potential gaps
  • Develop and oversee audit plans aligned with organizational priorities and regulatory changes
  • Monitor remediation efforts resulting from audit findings and ensure timely resolution
  • Ensure compliance with relevant regulatory standards, including PCI and SOX requirements
  • Maintain and implement IT compliance frameworks, policies, and governance procedures
  • Collaborate with legal, finance, and other stakeholders to address compliance across systems and workflows
  • Stay informed about changes in regulations and assess their impact on IT and business operations
What we offer
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • company 401(k) plan
Read More
Arrow Right

Governance, Risk, & Compliance Specialist

Beacon Hill is now hiring for a fully-remote GRC specialist who has experience w...
Location
Location
United States , Charlotte
Salary
Salary:
Not provided
bhsg.com Logo
Beacon Hill
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 3+ years of experience in GRC, cybersecurity compliance, IT audit, information security, or related areas
  • Knowledge of frameworks including NIST, ISO 27001, SOC 2, and CIS Controls
  • Experience supporting audits, control testing, evidence collection, and remediation activities
  • Ability to develop and maintain security policies, standards, and procedures
  • Experience with risk assessments, compliance reviews, and vendor risk management
  • Strong documentation, organizational, and communication skills
  • Experience collaborating with IT, Security, Engineering, Legal, Compliance, and other business teams
  • Working knowledge of cloud security, identity and access management, vulnerability management, and incident response
Job Responsibility
Job Responsibility
  • Support governance, risk, and compliance initiatives across the organization
  • Maintain security documentation, policies, and compliance records
  • Coordinate audit activities and compliance evidence collection
  • Track remediation efforts, audit findings, exceptions, and risk treatment plans
  • Conduct control testing, risk assessments, and vendor reviews
  • Assist with mapping controls to security and compliance frameworks
  • Maintain risk registers, control inventories, and compliance reporting
  • Partner with internal stakeholders to support security and regulatory requirements
  • Monitor compliance trends and contribute to continuous improvement of the security program
Read More
Arrow Right

Security Governance & Compliance Specialist

The Senior Privacy Analyst is part of a global team who ensures Cisco complies w...
Location
Location
Poland , Krakow
Salary
Salary:
Not provided
Cisco
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A Bachelor's degree in Computer Science, Information Technology, Law, or a related field is typically required, with 2–5 years of experience in privacy compliance, risk management, or data protection
  • Deep understanding of data protection laws, including GDPR, CCPA, along with the ability to monitor emerging legislation
  • Hands-on experience with privacy management platforms (e.g., Securiti.ai, OneTrust)
  • Proven certification holding CIPP/E (Certified Information Privacy Professional/Europe), CIPP/US, or CIPM (Certified Information Privacy Manager)
Job Responsibility
Job Responsibility
  • Research and respond to privacy requests sent to Cisco for action
  • Coordinate with database admin teams across Cisco to assure requests are fully addressed within the legally defined timelines, with special attention focused on those that are high priority
  • Use Privacy Response tool(s) to document remediation actions taken
  • Leverage more than 180 templates to craft legally approved communications
  • and continue to expand template catalog
  • Educate and share best practices with other team members to improve overall ability to respond to new requests
What we offer
What we offer
  • Benefits & perks designed to support every aspect of your life: from your well-being to your time away to your family
Read More
Arrow Right

Information Governance, Communications, and Policy Specialist

Our client, a respected and multi-disciplinary law firm, is seeking an Informati...
Location
Location
Malta
Salary
Salary:
Not provided
abroad-internships.com Logo
Abroad Internships
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A degree in Business, IT, Computing, Law, or a related field
  • Progressive experience in a role focused on information governance, compliance, policy management, or IT audit
  • A strong understanding of information security frameworks, particularly ISO27001, and the principles of policy and procedure documentation
  • Experience within a regulated environment (e.g., financial services, corporate services, iGaming, or law firms) is highly beneficial
  • Excellent written and verbal communication skills in English, with the ability to create clear, structured, and polished documentation
  • A proactive and detail-oriented mindset with a proven ability to improve processes and documentation frameworks
  • Strong collaborative skills with the ability to communicate confidently and effectively with stakeholders at all levels
  • Relevant certifications (or progress towards) such as CISA, CISM, CISSP, or CRISC would be considered an asset
Job Responsibility
Job Responsibility
  • Develop, draft, and maintain internal IT and security policies aligned with ISO27001, GDPR, and other relevant regulatory frameworks
  • Collaborate with IT, Risk, and Compliance teams to ensure policies are practical, effective, and accurately reflect operational processes
  • Monitor regulatory updates from key bodies, perform gap analysis, and recommend necessary policy improvements to ensure continuous compliance
  • Support the end-to-end internal and external audit process for ISO27001, assisting with corrective actions and maintaining all required evidence
  • Act as the primary point of contact for responding to client security questionnaires and due diligence requests
  • Champion internal security awareness initiatives, including training and communications, to foster a robust security culture
  • Ensure all governance documentation is meticulously structured, version-controlled, and audit-ready at all times
What we offer
What we offer
  • Competitive Compensation: You will receive a highly competitive compensation package, which includes a competitive base salary, performance bonuses, and other incentives, all reflective of your experience and contribution
  • Work-Life Balance: We value work-life balance and offer flexible working arrangements
Read More
Arrow Right