Cybersecurity GRC Specialist

MetLife Legal Plans
4d · Remote

About The Position

The Cybersecurity GRC Specialist is responsible for managing and strengthening MetLife Legal Plans' Technology Governance, Risk, and Compliance (GRC) program. This role helps ensure the organization effectively identifies, assesses, and mitigates technology and cybersecurity risks while maintaining compliance with regulatory requirements, industry standards, and internal policies. This individual plays a key role in protecting MetLife Legal Plans’ information assets by developing and maintaining risk management frameworks, overseeing security and compliance initiatives, and partnering with technology, legal, and business teams to integrate security best practices across the organization. The Cybersecurity GRC Specialist also supports the organization’s Third-Party Risk Management (TPRM) program, ensuring that vendors, partners, and sponsors meet required security and risk standards before and during their engagement with the organization. A successful candidate will have a strong background in IT risk management, cybersecurity, and information security governance, along with the ability to communicate effectively with both technical and non-technical stakeholders. Staying informed about emerging threats, evolving regulatory requirements, and industry best practices is essential to this role.

Requirements

  • 5+ years of experience in IT Governance, Risk, Compliance (GRC), cybersecurity, or information security
  • Bachelor’s degree in Computer Science, Information Security, or related field preferred
  • Experience with Third-Party Risk Management (TPRM) programs
  • Prior experience with the ISO 27001:2022 Framework

Nice To Haves

  • Security certifications such as CISSP, CISA, CRISC, or similar highly preferred
  • Prior experience leading projects, initiatives, or mentoring team members preferred

Responsibilities

  • Support the development and ongoing maturity of MLP’s IT risk management framework
  • Conduct and oversee risk assessments to identify potential threats, vulnerabilities, and business impacts across systems and data environments
  • Contribute to the development, maintenance, and enforcement of IT security policies, standards, and procedures
  • Ensure policies align with regulatory requirements, internal governance standards, and industry best practices
  • Provide guidance on secure system and application design
  • Partner with IT teams to ensure security controls are incorporated into infrastructure, systems, and application development
  • Support the development and delivery of security awareness programs for employees
  • Promote a culture of security and risk awareness across the organization
  • Assist in the development and maintenance of incident response procedures
  • Participate in security incident investigations and response coordination as needed
  • Help ensure IT systems and security practices comply with applicable laws, regulations, and industry standards
  • Support internal and external audits and assist with remediation efforts when needed
  • Review vendor security documentation, certifications, and controls to ensure alignment with MLP security standards
  • Partner with procurement, legal, and technology teams to manage vendor risk throughout the vendor lifecycle
  • Support the continuous improvement of MLP’s third-party risk management program
  • Evaluate security technologies, tools, and solutions to strengthen the organization’s security posture
  • Stay informed on emerging cybersecurity trends and recommend improvements where appropriate
  • Work closely with IT teams including infrastructure, application development, and network security
  • Provide guidance on security best practices and assist with implementing appropriate controls
  • Communicate technology and security risks to leadership and key stakeholders
  • Translate technical security concepts into clear business impact and risk language
  • Review and respond to security questionnaires from clients, sponsors, and partners
  • Evaluate vendor and partner security responses to assess risk exposure
  • Support internal and external audit activities, including documentation preparation and evidence collection
  • Partner with internal teams to address audit findings and strengthen controls
  • Support contract reviews to ensure appropriate security and risk management provisions are included
  • Collaborate with legal, procurement, and technology teams to align vendor agreements with security standards
  • Contribute to the ongoing improvement of MLP’s risk, security, and governance programs
  • Identify opportunities to enhance processes, controls, and risk visibility across the organization