GRC Specialist

BCM One, Herndon, VA
Hybrid

About The Position

BCM One is looking to add a GRC Specialist to our growing global compliance team. In this role, you will bridge Information Security Governance, Risk & Compliance (GRC) and IT Service Management (ITSM) disciplines to strengthen our global IT operations and compliance posture. The GRC Specialist will work across security, compliance, and service management teams to ensure processes, controls, and IT services meet internal standards, industry regulations, and contractual requirements. This role will report to our Global Manager of Info Sec & GRC and will support the monitoring, assessment, design, implementation, and maintenance of security processes that align with GRC frameworks. Additionally, the role will drive operational excellence, audit readiness, and risk mitigation. You’ll collaborate with global cross-functional teams to ensure consistent service delivery and compliance across our environment.

Requirements

  • 5+ years of experience in Security Governance, Risk & Compliance
  • Strong knowledge of GRC frameworks such as ISO 27001, SOC 2, NIST 800-53, CIS Controls, GDPR
  • Proven experience supporting internal and external audits
  • Ability to identify, assess, and prioritize risks using risk-based thinking and sound judgment
  • Skilled at monitoring security and compliance performance through KPIs, SLAs, and OLAs
  • Strong documentation, analytical, and organizational skills, with attention to detail
  • Ability to manage multiple priorities and deadlines in a fast-paced, global environment
  • Excellent communication skills, able to explain technical and compliance concepts to non-technical audiences
  • Experience working cross-functionally with IT, security, compliance, and business teams across geographies
  • Familiarity with ITIL processes (incident, problem, change, request, asset/configuration management)
  • Proactive mindset with a commitment to integrity, confidentiality, and continuous learning

Nice To Haves

  • Security/GRC certifications (e.g., CISSP, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CompTIA Security+)
  • Experience with IT Service Management, systems administration, and regulated industries (telecommunications, finance, healthcare)
  • Experience working in global, multicultural teams and adapting to diverse cultures

Responsibilities

  • Support development, implementation, and maintenance of GRC frameworks (e.g., ISO 27001, SOC 2, GDPR).
  • Conduct risk assessments, control testing, compliance monitoring, and third-party security evaluations.
  • Assist with internal/external audits by preparing evidence, reports, and remediation plans.
  • Maintain documentation of policies, procedures, and controls per global standards.
  • Collaborate with Privacy/Legal on data protection and facilitate privacy impact assessments.
  • Facilitate Business Impact Assessments and oversee Business Continuity testing and updates.
  • Monitor and report on Security GRC metrics to identify risks and improvement opportunities.
  • Support change management to ensure security and compliance with minimal disruption.
  • Coordinate between IT, Security, and Compliance teams to align service delivery with regulatory requirements.
  • Deliver training and awareness programs, including phishing simulations and compliance education.
  • Recommend and implement process improvements to reduce risk and enhance operational efficiency.

Benefits

  • Competitive industry salaries
  • Comprehensive medical, dental, and vision insurance
  • Company-provided life and disability insurance
  • Matching 401(k) plan
  • Employee Emergency Assistance Fund
  • Paid holidays and vacation time
  • FMLA

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

101-250 employees

© 2024 Teal Labs, Inc