IT Security GRC Specialist

Company Description

Workleap is the one simple employee experience platform to elevate hybrid work.

With over 20,000 happy customers in more than 100 countries, Workleap allows you to listen to your employees, align your teams and grow everyone’s potential so they can deliver their best work.

Job Description

So, what will your new role look like?

We are seeking an IT Security GRC Specialist to join our dynamic and collaborative team. This role is essential for driving the development and implementation of governance frameworks and supporting an IT security risk management program. As an IT Security GRC Specialist, you will play a critical role maturing our Sales Enablement and Vendor Risk Management programs, while operationalizing our SOC2 program and building out our IT governance processes.

Key Responsibilities:

• Operate and mature our Vendor Risk Management and Sales Enablement processes by performing vendor risk assessments and responding to customer security questionnaires.
• Develop and implement governance frameworks to streamline IT processes and reduce risks.
• Conduct risk assessments and internal audits.
• Collaborate with IT and Security teams to enhance policies and controls.
• Regularly update risk documentation and compliance/metrics reporting.
• Manage cross-departmental projects to align IT processes with businessstrategies**.**
• Train and guide the team on compliance best practices.
• Work with our existing GRC and Sales Enablement tools.

Opportunities for Growth:

• Advancement to a senior GRC role within 2-3 years.
• Potential to lead larger and more complex compliance and risk projects.
• Opportunities to contribute to strategic planning at the organizational level.

Interaction and Collaboration: This role involves daily interactions with IT, Security, Sales, Legal, and Procurement teams, and as-needed interactions with external auditors. The nature of collaboration ranges from daily operational tasks to strategic planning sessions.

• This role involves daily interactions with IT, Security, Sales, Legal, and Procurement teams, and as-needed interactions with external auditors. The nature of collaboration ranges from daily operational tasks to strategic planning sessions.
• Some projects include:
  • Revamping and enhancing our Vendor Risk Management and Sales Enablement processes.
  • Overseeing the operationalization of the SOC2 program using our existing GRC tools.

A typical week?

• Kick off the week with a team meeting to align on priorities and projects.
• Conduct vendor risk assessments and respond to security questionnaires from potential & existing clients.
• Work on enhancing IT governance frameworks. Meet with the IT & Security teams to discuss updates to policies and control mechanisms.
• Conduct internal risk assessments and audits. Prepare reports and present findings to management.
• Dedicate time for professional development and training. End the week by updating compliance and metrics reporting, and setting up the next week’s tasks.

What does your future team look like?

• Structure: Our team consists of Security Operations, Application Security and GRC, led by the CISO. The team is expected to double in size in the current calendar year.
• Collaborative Environment: Our team is collaborative, agile, and committed to continuous improvement. We support each other to achieve collective goals while also emphasizing personal professional development. We are looking for someone who can bring operational support, innovative ideas, a strong work ethic, and a proactive approach to enhance our GRC processes.

What are the next challenges awaiting your team?

• Operationalizing the SOC2 Program: Fully integrating SOC2 requirements into our daily operations using the GRC tool to streamline compliance and ensure continuous monitoring.
• Enhancing Vendor Risk Management: Revamping the vendor risk management program to improve our ability to mitigate potential security and compliance risks.
• Maturing Sales Enablement: Developing more sophisticated security questionnaires for the sales enablement program to gain efficiencies in the process.
• Cross-Departmental Collaboration Projects: Managing projects that require synchronization between different departments such as IT, legal, and procurement to align IT processes with broader business strategies.

Qualifications

Educational Requirements:

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field or equivalent combination of education & experience.

Professional Experience:

• Minimum of 5 years of experience in IT, information security, risk management or IT audit.
• Previous experience in a technical capacity or IT risk.
• Experience in conducting technical risk assessments, compliance audits, and vendor risk management.

Certifications and Industry Knowledge:

• Preferred certifications include Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).
• Strong knowledge of common information security management frameworks such as ISO/IEC 27001, NIST 800-53, and SOC2.
• Proficiency in using GRC platforms and tools.
• Familiarity with IT and security policy formulation and compliance monitoring.

Additional Skills:

• Excellent analytical and problem-solving skills.
• Strong project management abilities and attention to detail.
• Ability to handle confidential information with discretion.
• Strong interpersonal and communication skills to effectively interact with various departments and stakeholders.
• Highly motivated, proactive, and capable of working on own initiative with minimal supervision.
• Adaptability and willingness to learn new technologies and frameworks in a rapidly evolving environment.

Additional Information

At Workleap, we build together, we trust each other, and we support each other in success or failure. You will be able to express yourself, evolve and develop your creativity in an environment that will adapt to your daily life and your needs.

We strive to create a healthy and inclusive work environment. This is everyone’s business.

Our Candidate Experience Flow at Workleap:
Phone Screen - Virtual Interview using Microsoft Teams - Work Sample - Job Offer

We are looking forward to getting to know you!

By applying to this job, you are confirming that you have read and agree to the terms of our privacy policy.

#LI-Remote