360CyberX · 3 hours ago
GRC Specialist (Governance, Risk & Compliance)
360CyberX is seeking a GRC Specialist to support and maintain governance, risk management, and compliance programs. The role involves working with various stakeholders to translate regulatory requirements into practical controls while conducting risk assessments and supporting compliance initiatives.
Computer & Network Security
Responsibilities
Support the development, implementation, and maintenance of governance, risk, and compliance programs across enterprise and client environments
Conduct risk assessments, gap analyses, and control evaluations aligned with frameworks such as NIST, ISO 27001, CIS, SOC 2, HIPAA, PCI DSS, and other applicable standards
Assist in the development, review, and enforcement of security policies, standards, procedures, and guidelines
Support internal and external audits by gathering evidence, tracking findings, and assisting with remediation efforts
Maintain risk registers, compliance documentation, and control inventories, ensuring accuracy and audit readiness
Perform vendor and third-party risk assessments, including security questionnaires and risk reviews
Collaborate with technical teams to map security and privacy requirements to implemented controls
Track regulatory and contractual requirements and support ongoing compliance monitoring
Prepare reports, metrics, and executive-level summaries related to risk posture and compliance status
Contribute to continuous improvement initiatives to strengthen governance maturity and risk management practices
Qualifications
Required
Strong understanding of governance, risk management, and compliance principles within cybersecurity and information security domains
Hands-on experience with risk assessments, compliance reviews, and control validation activities
Familiarity with security and compliance frameworks such as NIST CSF/RMF, ISO 27001, CIS Controls, SOC 2, and regulatory requirements as applicable
Experience supporting audits and compliance initiatives, including evidence collection and remediation tracking
Strong analytical and documentation skills, with the ability to translate technical and regulatory requirements into clear, actionable guidance
Ability to collaborate effectively with technical and non-technical stakeholders
Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field
Preferred
Relevant certifications such as CGRC, CISA, CRISC, Security+, ISO 27001 Lead Implementer, or similar
Company
360CyberX
360CyberX, LLC is a security-first technology partner that helps organizations prevent breaches, keep systems online, and prove compliance.
Funding
Current Stage
Early Stage
Company data provided by Crunchbase