[Remote] GRC Specialist (Governance, Risk & Compliance)$90K/yr - $120Kyr
Note: The job is a remote job and is open to candidates in USA. 360CyberX is a company focused on cybersecurity initiatives, and they are seeking a GRC Specialist to support enterprise cybersecurity governance, risk management, and compliance efforts. The role involves performing risk assessments, maintaining governance documentation, and collaborating with stakeholders to ensure compliance with regulatory requirements.
Responsibilities
- Support enterprise governance, risk, and compliance (GRC) activities aligned with industry frameworks and regulatory requirements
- Perform cybersecurity and technology risk assessments in collaboration with security, IT, and business stakeholders
- Assist with the identification, documentation, and tracking of security risks, issues, and remediation efforts
- Maintain and update risk registers, control inventories, and compliance documentation
- Support third-party and vendor risk assessments throughout the vendor lifecycle
- Assist with control reviews, gap analyses, and evidence collection for audits and compliance initiatives
- Contribute to the development and maintenance of security policies, standards, and procedures
- Track remediation activities and help ensure timely closure of identified risks and findings
- Collaborate with cross-functional teams to validate controls and risk mitigation strategies
- Support internal and external audits, client assessments, and special GRC-related projects as assigned
Skills
- Knowledge or experience in one or more of the following areas: Cybersecurity governance, risk management, or compliance (GRC)
- Knowledge or experience in one or more of the following areas: Cybersecurity or technology risk assessment
- Knowledge or experience in one or more of the following areas: Third-party or vendor risk management
- Knowledge or experience in one or more of the following areas: Audit support or compliance readiness activities
- Strong understanding of core cybersecurity and risk management concepts
- Ability to analyze risks, document findings, and communicate clearly with technical and non-technical stakeholders
- Experience working in enterprise, consulting, or multi-client environments
- Strong analytical, organizational, and documentation skills
- Excellent written and verbal communication skills
- Bachelor's degree in Cybersecurity, Information Systems, Risk Management, Information Assurance, Business, or a related field (or equivalent coursework, internships, or hands-on GRC experience)
- Working knowledge of cybersecurity governance, risk, and compliance frameworks or standards, such as: NIST Cybersecurity Framework (CSF)
- Working knowledge of cybersecurity governance, risk, and compliance frameworks or standards, such as: NIST Risk Management Framework (RMF) and select SP 800-series guidance
- Working knowledge of cybersecurity governance, risk, and compliance frameworks or standards, such as: ISO/IEC 27001 / 27002
- Working knowledge of cybersecurity governance, risk, and compliance frameworks or standards, such as: CIS Critical Security Controls
- Familiarity with risk assessment methodologies, control testing, and compliance documentation
- Entry-level to mid-level GRC-focused certifications are a plus, including: CISA (Certified Information Systems Auditor)
- Entry-level to mid-level GRC-focused certifications are a plus, including: CRISC (Certified in Risk and Information Systems Control)
- Entry-level to mid-level GRC-focused certifications are a plus, including: CGRC (ISC² Certified in Governance, Risk, and Compliance)
- Entry-level to mid-level GRC-focused certifications are a plus, including: ISO 27001 Foundation or Lead Implementer/Auditor
- Entry-level to mid-level GRC-focused certifications are a plus, including: CompTIA Security+ (as a foundational certification only)
- Basic understanding of regulatory, compliance, and data privacy concepts (e.g., audit readiness, third-party risk, policy management)
- Ability to document risks, controls, and findings clearly and consistently
- Comfortable working independently and collaboratively in a structured, client-facing GRC environment
Company Overview