Information Security Governance Risk and Compliance (GRC) Specialist jobs in United States
This job has closed.

Hollstadt Consulting · 8 hours ago

Information Security Governance Risk and Compliance (GRC) Specialist

Hollstadt Consulting is seeking an Information Security Governance Risk and Compliance (GRC) Specialist to backfill an existing position during a leave of absence. The role focuses on governance, risk management, and compliance activities, ensuring coverage of day-to-day duties and project work while maintaining confidentiality and integrity of sensitive information.

Consulting
Growth Opportunities

Responsibilities

Deliver updates and improvements to Information Security & Data Privacy documentation, including policies, standards, and procedures
Upon request, provide ad hoc reports summarizing program status and enhancement opportunities based on requested criteria
Ensure compliance activities adhere to NIST security and privacy standards and meet all relevant data protection regulatory obligations
Conduct and deliver risk assessments for systems, processes, and third-party engagements
Support the execution of enterprise risk assessments and help compile results for leadership review
Document and monitor remediation activities for identified risk findings, reporting to a risk committee monthly
Follow up with assigned risk owners to drive remediation activities
Evaluate third parties for security and privacy risks in new procurement and acquisition activities, typically via review of contracts, attestation evidence, or interviews
Support the review of third-party data processing agreements and assist contract and procurement teams to align to acceptable terms
Coordinate and assist with response to regulatory and customer inquiries related to third-party risk assessments
Perform security and privacy related control testing via evidence collection, process reviews, and stakeholder interviews
Ensure that implemented controls meet policy requirements, and identify non-compliant controls for remediation
Produce evidence packages, test results, and compliance summaries for tested controls
Deliver technology audit readiness packages, evidence collections, and audit response documentation
Coordinate external and internal audit activities with internal stakeholders, ensuring appropriate teams and resources are identified
Track and report on remediation tasks related to audit findings
Maintain documentation of controls in the GRC technology platform, ServiceNow, to support program needs

Qualification

NIST compliance, Risk assessments, Third-party risk management, ServiceNow, Interpersonal skills, Written communication, Oral presentation

Required

High level of professional integrity to ensure confidentiality of systems, processes, and data
Experience in delivering updates and improvements to Information Security & Data Privacy documentation, including policies, standards, and procedures
Ability to provide ad hoc reports summarizing program status and enhancement opportunities
Knowledge of NIST security and privacy standards and relevant data protection regulatory obligations
Experience conducting and delivering risk assessments for systems, processes, and third-party engagements
Ability to support the execution of enterprise risk assessments and compile results for leadership review
Experience documenting and monitoring remediation activities for identified risk findings
Ability to evaluate third parties for security and privacy risks in new procurement and acquisition activities
Experience supporting the review of third-party data processing agreements
Ability to coordinate and assist with responses to regulatory and customer inquiries related to third-party risk assessments
Experience performing security and privacy related control testing
Ability to produce evidence packages, test results, and compliance summaries for tested controls
Experience coordinating external and internal audit activities
Ability to track and report on remediation tasks related to audit findings
Experience maintaining documentation of controls in the GRC technology platform, ServiceNow
Demonstrated ability to educate business stakeholders on risk-based decisions
Demonstrated strong interpersonal skills to participate in cross-functional team remediation efforts
Demonstrated strong written and oral presentation skills
Demonstrated ability to work independently or with a team

Company

Hollstadt Consulting

Hollstadt Consulting, a woman-owned firm in Minnesota.

Funding

Current Stage
Growth Stage

Leadership Team

Molly Jungbauer
CEO
Company data provided by crunchbase