360CyberX · 6 days ago
GRC Specialist (Governance, Risk & Compliance)
$90K/yr - $120K/yr
360CyberX is a company focused on cybersecurity initiatives, and they are seeking a GRC Specialist to support enterprise cybersecurity governance, risk management, and compliance efforts. The role involves performing risk assessments, maintaining governance documentation, and collaborating with stakeholders to ensure compliance with regulatory requirements.
Computer & Network Security
Responsibilities
Support enterprise governance, risk, and compliance (GRC) activities aligned with industry frameworks and regulatory requirements
Perform cybersecurity and technology risk assessments in collaboration with security, IT, and business stakeholders
Assist with the identification, documentation, and tracking of security risks, issues, and remediation efforts
Maintain and update risk registers, control inventories, and compliance documentation
Support third-party and vendor risk assessments throughout the vendor lifecycle
Assist with control reviews, gap analyses, and evidence collection for audits and compliance initiatives
Contribute to the development and maintenance of security policies, standards, and procedures
Track remediation activities and help ensure timely closure of identified risks and findings
Collaborate with cross-functional teams to validate controls and risk mitigation strategies
Support internal and external audits, client assessments, and special GRC-related projects as assigned
Qualification
Required
Knowledge or experience in one or more of the following areas: cybersecurity governance, risk management, or compliance (GRC); cybersecurity or technology risk assessment; third-party or vendor risk management; audit support or compliance readiness activities
Strong understanding of core cybersecurity and risk management concepts
Ability to analyze risks, document findings, and communicate clearly with technical and non-technical stakeholders
Experience working in enterprise, consulting, or multi-client environments
Strong analytical, organizational, and documentation skills
Excellent written and verbal communication skills
Preferred
Bachelor's degree in Cybersecurity, Information Systems, Risk Management, Information Assurance, Business, or a related field (or equivalent coursework, internships, or hands-on GRC experience)
Working knowledge of cybersecurity governance, risk, and compliance frameworks or standards, such as: NIST Cybersecurity Framework (CSF); NIST Risk Management Framework (RMF) and select SP 800-series guidance; ISO/IEC 27001 / 27002; CIS Critical Security Controls
Familiarity with risk assessment methodologies, control testing, and compliance documentation
Entry-level to mid-level GRC-focused certifications are a plus, including: CISA (Certified Information Systems Auditor); CRISC (Certified in Risk and Information Systems Control); CGRC (ISC² Certified in Governance, Risk, and Compliance); ISO 27001 Foundation or Lead Implementer/Auditor; CompTIA Security+ (as a foundational certification only)
Basic understanding of regulatory, compliance, and data privacy concepts (e.g., audit readiness, third-party risk, policy management)
Ability to document risks, controls, and findings clearly and consistently
Comfortable working independently and collaboratively in a structured, client-facing GRC environment
Company
360CyberX
360Cyberx, LLC is a security-first technology partner that helps organizations prevent breaches, keep systems online, and prove compliance.
Funding
Current Stage
Early Stage
Company data provided by Crunchbase