GRC Specialist

The role of the GRC Specialist is responsible for the day-to-day execution of governance, risk, and compliance (GRC) activities. This includes preparing for SOC and other audits, collecting and organizing evidence, responding to client/vendor security questionnaires, and maintaining the accuracy of the cyber risk register.

The role works closely with IT, Security Engineering, and business stakeholders to ensure audit requests and client inquiries are addressed promptly and consistently. The Specialist ensures that risks, exceptions, and remediation actions are logged and tracked to completion, providing a strong operational foundation for the Risk & Compliance program., Audit & Assurance Support:

• Collect and organize evidence for SOC2 and other internal audits.
• Track remediation items from audits, ensuring timely closure with responsible teams.
• Maintain a repository of reusable audit evidence to streamline future cycles.
• Support the Risk & Compliance Lead in responding to auditor and assessor queries.
• Client & Vendor Security Questionnaires.
• Coordinate responses to customer and third-party security questionnaires.
• Collaborate with technical owners (Engineering, IT, Product) to provide accurate answers.
• Maintain a knowledge base of pre-approved responses to accelerate RFPs and renewals.
• Ensure responses are consistent with SOC2 reports and company policy.

Risk Register & Exception Management:

• Update and maintain the cyber risk register in coordination with the Risk & Compliance Lead.
• Record new risks, assign owners, and track remediation/progress.
• Document Policy Exception Risk Acceptance (PERA) approvals and expirations.
• Ensure risk data is kept current for reporting cycles.

Reporting & Metrics:

• Contribute data for quarterly risk and compliance dashboards.
• Provide metrics on questionnaire volumes, audit findings, and remediation timelines.
• Highlight overdue risks, audit items, or exceptions to the Risk & Compliance Lead.

Do you have experience in ServiceNow?, * Experience in IT audit, compliance, or GRC operations.

• Familiarity with audit frameworks (SOC2, ISO 27001, GDPR).
• Strong organizational skills for evidence collection and tracking.
• Ability to manage multiple concurrent requests and deadlines.
• Clear written communication for client questionnaires and reports.
• Experience in SaaS, data analytics, or regulated industries.
• Exposure to vendor/supplier risk assessments.
• Experience using GRC platforms (ServiceNow GRC, Archer, or equivalent).

Wood Mackenzie is the global leader in analytics, insights and proprietary data across the entire energy and natural resources landscape. For over 50 years our work has guided the decisions of the world's most influential energy producers, utilities companies, financial institutions and governments. Now, with the world's energy system more complex and interconnected than ever before, sector-specific views are no longer enough. That's why we've redefined what's possible with Intelligence Connected. By fusing our unparalleled proprietary data with the sharpest analytical minds, all supercharged by Synoptic AI, we deliver a clear, interconnected view of the entire value chain. Our trusted team of 2,700 experts across 30 countries breaks siloes and connects industries, markets and regions across the globe. This empowers our customers to identify risk sooner, spot opportunities faster and recalibrate strategy with confidence - whether planning days, weeks, months or decades ahead. Wood Mackenzie Intelligence Connected WoodMac.com Wood Mackenzie Brand Video Wood Mackenzie Values * Inclusive - we succeed together * Trusting - we choose to trust each other * Customer committed - we put customers at the heart of our decisions * Future Focused - we accelerate change * Curious - we turn knowledge into action