Job title: Senior Information Security Specialist (GRC)
Job type: Permanent
Emp type: Full-time
Industry: Computer Software
Salary: Negotiable
Location: Portugal (Remote)
Job published: 18-06-2025
Job ID: 34586

Job Description

Job Brief

  • We are looking for an experienced Information Security Specialist to work within a GRC department, focusing on the Continuous Monitoring program and partnering with technical teams to track risks and improve control effectiveness.

Responsibilities

  • Maintain and evolve the Common Control Framework (CCF), ensuring it reflects updates across regulatory standards and certification programs such as SOC 2, ISO 27001, PCI-DSS, NIST, etc.
  • Lead the enterprise-wide Continuous Monitoring (ConMon) initiative to proactively identify, track, and remediate vulnerabilities, supported by precise documentation and timely reporting.
  • Perform periodic control reviews to assess the performance of technical, administrative, and operational controls, using findings to enhance the control framework.
  • Oversee the risk exception and deviation process, managing intake, evaluation, documentation, and tracking of mitigating controls.
  • Coordinate with cross-functional stakeholders, including Security, Engineering, IT, Legal, and Privacy, to conduct compliance check-ins, track follow-ups, and escalate outstanding risks.
  • Support readiness for external audits and internal assessments by aligning controls to evidence, maintaining documentation, and partnering with control owners to demonstrate compliance.
  • Contribute to incident response documentation by evaluating compliance implications, supporting reporting requirements, and capturing lessons learned during post-incident analyses.
  • Work alongside Security and Engineering teams to review vulnerability scan outputs and threat intelligence reports, assess risk levels, and guide prioritization of remediation efforts.
  • Maintain core compliance artifacts such as policies, procedures, control narratives, risk logs, and remediation plans to ensure program integrity and audit preparedness.
  • Build and refine compliance dashboards and metrics, leveraging POA&M-style (Plan of Action and Milestones) tracking to visualize program status, risk posture, and maturity progression.
  • Drive continuous improvement of compliance operations by identifying automation opportunities, reducing manual efforts, and ensuring the CCF adapts to evolving regulatory and threat environments.

Requirements and Skills

  • Minimum of 3 years of hands-on experience in compliance, IT audit, security assurance, or a closely related discipline, preferably within SaaS or tech-driven environments.
  • Familiarity with key regulatory and industry standards such as SOC 2, ISO 27001, PCI-DSS, and NIST SP 800-53.
  • Demonstrated expertise in conducting risk assessments, managing vulnerabilities, and performing control evaluations or testing.
  • Adept at working cross-functionally, with strong interpersonal and communication skills to bridge business and technical teams.
  • Highly organized with a detail-oriented mindset, capable of managing competing priorities while maintaining a structured and well-documented workflow.
  • Holds a bachelor’s degree in a relevant discipline (e.g., Information Security, Risk Management, Computer Science), or equivalent hands-on experience in the field.

Next steps:

  • Do you consider yourself the ideal candidate for this role? If so, take the next step and apply now. Our team will take care of the rest.