Senior GRC Specialist

Job Summary

Owning compliance initiatives end-to-end, the full-time Senior GRC Specialist will lead audits, manage compliance programs, and act as a trusted partner for internal teams and external stakeholders in a remote setting.

Key responsibilities

• Lead compliance programs and audit processes (SOC 2, PCI DSS, GDPR, HIPAA/HITECH) from planning through successful completion
• Act as the primary point of contact for external auditors and customers regarding security and compliance matters
• Oversee internal and external assessments while maintaining and evolving security controls and compliance processes across the organization

Required qualifications

• 6+ years of experience in Information Security, Governance Risk & Compliance (GRC), Audit, or Risk Management
• Strong hands-on experience with frameworks such as SOC 2, PCI DSS, GDPR, HIPAA/HITECH
• Proven experience owning and leading audits and compliance initiatives
• Experience with cloud-based and distributed systems, preferably AWS
• Strong project and stakeholder management skills, capable of managing multiple concurrent initiatives