Governance, Risk, and Compliance Specialist

CapTech is an award-winning consulting firm that collaborates with clients to achieve what’s possible through the power of technology. At CapTech, we’re passionate about the work we do and the results we achieve for our clients. From the outset, our founders shared a collective passion to create a consultancy centered on strong relationships that would stand the test of time. Today we work alongside clients that include Fortune 100 companies, mid-sized enterprises, and government agencies, a list that spans across the country.

We are looking for a detail-oriented person with the ability to see the big picture, GRC Specialist to support our Governance, Risk, and Compliance functions. You’ll focus on executing third-party risk assessments, managing security awareness training, supporting policy reviews, and assisting with information security compliance initiatives.

Key Responsibilities:

• Conduct technical risk evaluations of third parties’ tools, platforms, and services.
• Perform vendor due diligence and appropriately advise the business on risk response decisions in accordance with SOC 2 and internal standards.
• Prepare and present assessment findings for the GRC Lead and Head of Information Security for final review and approval.
• Make recommendations to strengthen vendor security posture.
• Brainstorm, document, and formulate areas for Information Security improvement that balance risk with business operations and encourage efficiencies or innovation. 
• Construct security program content around key areas of corporate and cyber risk.
• Support the development and tracking of KPIs and KRIs to enable effective risk reporting and business insights.
• Maintain and deliver security training for new hires, aligned with company policies.
• Assist in the maintenance and review of ITGRC policies, standards, and procedures, collaborating with policy owners to ensure documents are current and aligned with controls.
• Support responses to information security questionnaires from clients or partners.
• Support evidence collection and communication between auditors and stakeholders for external audits and internal reviews.
• Learn and contribute to broader GRC functions under the guidance of the GRC Lead.

• 1–3 years of experience in Information Security, Risk, Compliance, or IT Audit.
• Certified Governance, Risk, Compliance (CGRC), Certified in Risk and Information Systems Control (CRISC), Security+, or agreed certification to be attained within agreed timeframe, or other combinations of experience and relevant certifications preferred.
• Working understanding of SOC 2, NIST 800-53, and ISO 27001 or similar frameworks required. Prior experience with SOC 2 and NIST 800-53 compliance preferred.
• An understanding of AI governance risks (bias, transparency, and data privacy) and familiarity with frameworks such as NIST AI RMF, ISO 42001, and AIUC-1.
• Willingness to learn/utilize AI tools for process automation
• Experience or interest in GRC engineering, including supporting configuration, automation, or workflows.
• Excellent oral and written communication ability, especially for communicating technical risks to a non-technical audience.
• Strong knowledge of the Microsoft Office suite of tools.
• Strong problem-solving, analytical, and critical thinking skills.
• Eagerness to learn and grow.
• Highly organized and ability to manage tasks independently while seeking guidance when appropriate.
• Prior experience with vendor management or third-party risk assessments preferred.

We want everyone at CapTech to be able to envision a lasting and rewarding career here, which is why we offer a variety of career paths based on your skills and passions.  You decide where and how you want to develop, and we help get you there with customizable career progression.

CapTech is an equal opportunity employer committed to fostering a culture of equality, inclusion and fairness — each foundational to our core values.  We strive to create a diverse environment where each employee is encouraged to bring their unique ideas, backgrounds and experiences to the workplace. For more information about our Diversity, Inclusion and Belonging efforts, click HERE. 

At this time, CapTech cannot transfer nor sponsor a work visa for this position. Applicants must be authorized to work directly for any employer in the United States without visa sponsorship.