Bee Talent Solutions
Cybersecurity Governance Risk and Compliance (GRC) Specialist
Bee Talent Solutions, Bellevue, Washington, us, 98009
As a GRC Specialist, you will be responsible for ensuring client's cybersecurity strategies and policies are in compliance with industry regulations and mitigate risks to ensure data security. You will partner with Legal, Compliance and Regulatory Affairs staff to develop and enforce policy and monitor compliance with applicable requirements. You will also work with various teams within the organization to identify risks and develop and implement effective risk management strategies.
Responsibilities:
Partner with Legal, Compliance, and Regulatory Affairs to manage overall compliance with internal policies, nuclear regulations (NIRMA, CFR), applicable law (HIPAA, GDPR), and information security industry standards (NIST, ISO/IEC). Develop, maintain, and enforce the organization's information security policies, processes, and procedures. Manage the company's System Security Plan (SSP) in alignment with our security controls. Maintain the company's cybersecurity Plan of Action and Milestones (POA&M) assigning risk values to the matrix to drive priority. Conduct and participate in internal and external audits for compliance with applicable laws, regulations, and industry standards. Develop and maintain an effective cybersecurity risk management program, including risk assessments, vulnerability assessments, and threat assessments. Assist in creating, maintaining and reporting of a corporate Risk Register for leadership review. Work with cross-functional teams to identify and assess security vulnerabilities and develop effective mitigation strategies. Ensure incident response policies, playbooks, and escalation procedures are in place. Contribute to development of information security awareness training to ensure all staff members are knowledgeable with the organization's cybersecurity policies, procedures, and standards. Key Qualifications and Skills:
Minimum of 5 years of experience in cybersecurity governance, risk, and compliance roles. Knowledge of industry regulations and standards, such as NIRMA, Code of Federal Regulations (10 CFR Part 810), HIPAA, FedRamp, CMMC, GDPR, NIST Cybersecurity Framework (especially 800-53 and 800-171), ISO 27001, etc. Proven track record of coordinating with external auditors and participating in compliance audits. Strong analytical, critical-thinking, and problem-solving skills, with the ability to identify and assess risks and develop effective mitigation strategies. Excellent communication skills, both verbal and written, with the ability to communicate complex cybersecurity concepts to technical and non-technical audiences. Willing to share knowledge and assist others in understanding technical and business topics. Strong project management skills, with the ability to manage multiple projects simultaneously and meet tight deadlines. Familiarity with security assessment tools and techniques, such as vulnerability scanning and penetration testing. Self-motivated, constructive and positive attitude. The successful candidate will possess a high degree of trust and integrity, communicate openly and display respect and a desire to foster teamwork. Required Qualifications:
Bachelor's degree in Computer Science, Information Security, or related field. At least one industry certification (e.g., CISA, CISM, CGEIT, CRISC, CISSP, ISAAP, GRCP). Experience effectively managing security controls in hybrid (Cloud & on-prem) environments. Experience working in a heavily regulated industry. Project management experience is preferred.
Responsibilities:
Partner with Legal, Compliance, and Regulatory Affairs to manage overall compliance with internal policies, nuclear regulations (NIRMA, CFR), applicable law (HIPAA, GDPR), and information security industry standards (NIST, ISO/IEC). Develop, maintain, and enforce the organization's information security policies, processes, and procedures. Manage the company's System Security Plan (SSP) in alignment with our security controls. Maintain the company's cybersecurity Plan of Action and Milestones (POA&M) assigning risk values to the matrix to drive priority. Conduct and participate in internal and external audits for compliance with applicable laws, regulations, and industry standards. Develop and maintain an effective cybersecurity risk management program, including risk assessments, vulnerability assessments, and threat assessments. Assist in creating, maintaining and reporting of a corporate Risk Register for leadership review. Work with cross-functional teams to identify and assess security vulnerabilities and develop effective mitigation strategies. Ensure incident response policies, playbooks, and escalation procedures are in place. Contribute to development of information security awareness training to ensure all staff members are knowledgeable with the organization's cybersecurity policies, procedures, and standards. Key Qualifications and Skills:
Minimum of 5 years of experience in cybersecurity governance, risk, and compliance roles. Knowledge of industry regulations and standards, such as NIRMA, Code of Federal Regulations (10 CFR Part 810), HIPAA, FedRamp, CMMC, GDPR, NIST Cybersecurity Framework (especially 800-53 and 800-171), ISO 27001, etc. Proven track record of coordinating with external auditors and participating in compliance audits. Strong analytical, critical-thinking, and problem-solving skills, with the ability to identify and assess risks and develop effective mitigation strategies. Excellent communication skills, both verbal and written, with the ability to communicate complex cybersecurity concepts to technical and non-technical audiences. Willing to share knowledge and assist others in understanding technical and business topics. Strong project management skills, with the ability to manage multiple projects simultaneously and meet tight deadlines. Familiarity with security assessment tools and techniques, such as vulnerability scanning and penetration testing. Self-motivated, constructive and positive attitude. The successful candidate will possess a high degree of trust and integrity, communicate openly and display respect and a desire to foster teamwork. Required Qualifications:
Bachelor's degree in Computer Science, Information Security, or related field. At least one industry certification (e.g., CISA, CISM, CGEIT, CRISC, CISSP, ISAAP, GRCP). Experience effectively managing security controls in hybrid (Cloud & on-prem) environments. Experience working in a heavily regulated industry. Project management experience is preferred.