Cybersecurity Governance, Risk & Compliance Specialist

Description

• Support the rollout and ongoing development of our cybersecurity governance program
• Partner with stakeholders across the organization to improve security awareness and compliance
• Help drive cultural change by encouraging secure practices in day-to-day operations
• Develop and deliver engaging content and initiatives to foster a security-aware culture
• Work with GRC platforms to facilitate enterprise-wide risk assessments and track remediation efforts
• Assist in identifying control gaps and support control owners in understanding and addressing deficiencies, particularly within frameworks like SCF
• Contribute to internal and external cybersecurity audits by coordinating evidence collection and ensuring documentation is current and complete
• Bring fresh ideas to the table for improving communication, training, and adoption of security initiatives
• Track and report on program effectiveness, identifying opportunities for improvement

• 3–5 years of experience in cybersecurity, with a strong emphasis on governance, risk, and compliance (GRC)
• Proven experience leading or supporting organizational change efforts
• Excellent interpersonal skills and the ability to engage with diverse teams across all levels of the organization
• Demonstrated creativity in communicating and promoting security initiatives—ideally making them fun and relatable
• Self-starter with strong problem-solving skills and a proactive mindset
• Bachelor’s degree in Cybersecurity, Information Technology, Business, or a related field

• Cybersecurity certification(s), such as Security+, SSCP, CISM, or similar
• Experience with cybersecurity frameworks such as NIST CSF, ISO 27001, or Secure Controls Framework (SCF)
• Background in change management, organizational behavior, or internal communications
• Familiarity with tools for awareness and training campaigns