GRC Specialist
Role details
Job location
Tech stack
Job description
BCM One is looking for a GRC Specialist to join our growing global compliance team. In this role, you will bridge Information Security Governance, Risk & Compliance (GRC) and IT Service Management (ITSM) disciplines to strengthen our global IT operations and compliance posture. You'll work hands-on across security, compliance, and service management teams to drive the design, implementation, and ongoing operation of security controls, ensuring alignment with internal standards, industry regulations, and contractual requirements.
Reporting to the Global Manager of Info Sec & GRC, this role will lead efforts across monitoring, assessing, designing, implementing, and maintaining security processes aligned with GRC frameworks, while driving operational excellence, audit readiness, and risk mitigation. You'll collaborate with cross-functional teams across global geographies to ensure consistent control adoption, service delivery, and compliance across the environment., * Support the development, implementation, and maintenance of GRC frameworks (e.g., ISO 27001, SOC 2, GDPR).
- Conduct risk assessments, design and validation of security controls, compliance monitoring, and third-party security evaluations.
- Manage internal and external audits, including audit preparation, evidence collection, reporting, and remediation planning.
- Help to lead security control implementation by partnering with cross-functional teams and advising stakeholders on control adoption across the business.
- Maintain documentation of policies, procedures, and controls per global standards.
- Collaborate with Privacy/Legal on data protection and facilitate privacy impact assessments.
- Facilitate Business Impact Assessments and oversee Business Continuity testing and updates.
- Monitor and report on Security GRC metrics to identify risks and improvement opportunities.
- Support change management to ensure security and compliance with minimal disruption.
- Coordinate between IT, Security, and Compliance teams to align service delivery with regulatory requirements.
- Deliver training and awareness programs, including phishing simulations and compliance education.
- Recommend and implement process improvements to reduce risk and enhance operational efficiency.
Requirements
Do you have experience in Technical documentation?, * 5+ years of hands-on experience in Security Governance, Risk & Compliance, with direct responsibility for leading the design, implementation, and ongoing operation of security controls
- Strong hands-on experience with SOC 2 is required, along with knowledge of GRC frameworks such as ISO 27001, NIST 800-53, CIS Controls, and GDPR, with experience applying them to security control implementation
- Proven experience managing audit preparation and evidence for internal and external audits
- Ability to identify, assess, and prioritize risks using risk-based thinking and sound judgment
- Skilled at monitoring security and compliance performance through KPIs, SLAs, and OLAs
- Strong documentation, analytical, and organizational skills, with attention to detail
- Ability to manage multiple priorities and deadlines in a fast-paced, global environment
- Strong communication skills, able to explain technical and compliance concepts to non-technical audiences
- Experience working cross-functionally with IT, security, compliance, and business teams to drive security control adoption across geographies
- Familiarity with ITIL processes (incident, problem, change, request, asset/configuration management)
- Proactive mindset with a commitment to integrity, confidentiality, and continuous learning
- Preferred: Experience with IT Service Management, systems administration, and regulated industries (telecommunications, finance, healthcare)
Benefits & conditions
Pulled from the full job description
- Health insurance
- 401(k) matching
- Vision insurance
- Dental insurance
- Disability insurance
- Paid holidays, * Competitive industry salaries
- Comprehensive medical, dental, and vision insurance
- Company-provided life and disability insurance
- Matching 401 (k) plan
- Employee Emergency Assistance Fund
- Paid holidays and vacation time
- FMLA