Governance, Risk, and Compliance Specialist

Company Description

CapTech is an award-winning consulting firm that collaborates with clients to achieve what’s possible through the power of technology. At CapTech, we’re passionate about the work we do and the results we achieve for our clients. From the outset, our founders shared a collective passion to create a consultancy centered on strong relationships that would stand the test of time. Today we work alongside clients that include Fortune 100 companies, mid-sized enterprises, and government agencies, a list that spans across the country.

Job Description

We are looking for a detail-oriented GRC Specialist to support our Governance, Risk, and Compliance functions. You’ll focus on executing third-party risk assessments, managing security awareness training, supporting policy reviews, and assisting with information security compliance initiatives.

Key Responsibilities:

• Conduct technical risk evaluations of third parties’ tools, platforms, and services.
• Perform vendor due diligence in accordance with SOC 2 and internal standards.
• Prepare and present assessment findings to the GRC Manager and Head of Information Security for final review and approval.
• Make recommendations to strengthen vendor security posture.
• Select and implement annual security awareness training programs.
• Maintain and deliver security training for new hires, aligned with company policies.
• Assist in the maintenance and review of ITGRC policies and procedures, collaborating with policy owners to ensure documents are current and aligned with controls.
• Support in responding to incoming information security questionnaires from clients or partners.
• Support evidence collection efforts for audits and internal reviews.
• Learn and contribute to broader GRC functions under the guidance of the GRC Manager.

Qualifications

• 1–3 years of experience in Information Security, Risk, Compliance, or IT Audit.
• Certified Governance, Risk, Compliance (CGRC), Security+, or agreed certification to be attained within agreed timeframe, or other combinations of experience and relevant certifications preferred.
• Working understanding of SOC 2, NIST 800-53, and ISO 27001 or similar frameworks required.
• Excellent oral and written communication ability, especially for communicating technical risks to a non-technical audience.
• Strong knowledge of the Microsoft Office suite of tools.
• Strong problem-solving, analytical, and critical thinking skills.
• Eagerness to learn and grow.
• Highly organized and ability to manage tasks independently while seeking guidance when appropriate.
• Prior experience with vendor management or third-party risk assessments preferred.
• Prior experience with SOC 2 and NIST 800-53 compliance preferred.

Additional Information

We want everyone at CapTech to be able to envision a lasting and rewarding career here, which is why we offer a variety of career paths based on your skills and passions.  You decide where and how you want to develop, and we help get you there with customizable career progression.

CapTech is an equal opportunity employer committed to fostering a culture of equality, inclusion and fairness — each foundational to our core values.  We strive to create a diverse environment where each employee is encouraged to bring their unique ideas, backgrounds and experiences to the workplace. For more information about our Diversity, Inclusion and Belonging efforts, click HERE. 

At this time, CapTech cannot transfer nor sponsor a work visa for this position. Applicants must be authorized to work directly for any employer in the United States without visa sponsorship.