B12 Consulting
Overview
The Senior GRC Specialist plays a critical leadership role in the Harris County Toll Road Authority's risk and compliance initiatives. The role is responsible for developing and managing GRC frameworks, overseeing key regulatory compliance programs (PCI DSS, SOC 1, SOC 2), conducting vendor risk and third-party assessments, and ensuring alignment with the ISO 27001 and NIST industry standards. The specialist works across departments to drive a risk-aware culture, mentor junior staff, and manage high-impact projects.
Responsibilities
Develop and maintain GRC frameworks and policies aligned with industry standards and regulatory requirements (PCI DSS, SOC 1, SOC 2, ISO 27001, NIST).
Lead enterprise risk management (ERM) activities, including risk identification, assessments, mitigation planning, and maintenance of risk registers and treatment plans.
Manage and continuously improve compliance programs for PCI DSS and SOC 1/SOC 2, including readiness assessments, evidence collection, audit coordination, and remediation tracking.
Oversee the third-party risk management (TPRM) program, conducting vendor due diligence, security assessments, and contract reviews to ensure appropriate risk controls are in place.
Evaluate third-party audit reports, assess control effectiveness, and work with stakeholders to address identified gaps or risks.
Coordinate internal and external audits, ensuring timely and accurate responses to requests, and managing corrective action plans when necessary.
Provide guidance and training on GRC policies, support awareness initiatives, and mentor junior team members or lead cross-functional risk and compliance projects.
Leverage GRC tools and platforms (RSA Archer, ServiceNow GRC, LogicGate) to automate workflows, track compliance efforts, and generate risk and compliance reports for executive stakeholders.
Skills
Expertise in enterprise risk management and regulatory compliance standards.
Hands-on experience with PCI DSS, SOC 1 / SOC 2, ISO 27001, and NIST CSF.
Strong grasp of third-party risk management principles and practices.
Experience assessing and managing risk associated with vendors and cloud service providers.
Proficiency in reviewing and interpreting SOC reports, security assessments, and contractual obligations.
Familiarity with GRC systems and platforms; experience with ServiceNow GRC or similar tools preferred.
Excellent analytical, problem-solving, and risk assessment skills.
Strong communication skills, with the ability to translate complex security and compliance issues into business-relevant language.
Ability to build cross-functional relationships and lead multi-departmental initiatives.
Capable of managing multiple concurrent projects in a fast-paced environment.
Required Education
Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field.
5–7 years of progressive experience in GRC, compliance, audit, or risk management roles.
Minimum 2–3 years of direct experience managing PCI DSS and SOC 1 / SOC 2 compliance efforts.
Proven experience developing and managing vendor risk and third-party assessment programs.
Leadership or mentoring experience in a GRC or risk-focused role.
Preferred professional certifications: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Governance of Enterprise IT (CGEIT), PCI Professional (PCIP), or a similar PCI-related certification.