GRC (Governance, Risk & Compliance) Expert
micro1 · NAMER
- Remote
- Part-time
- $120,000 / year
Job highlights
- Strengthen compliance and risk management posture.
- Execute, optimize, and report on GRC activities.
- Conduct risk assessments and identify mitigation strategies.
- Lead compliance audits and policy analysis.
- Collaborate with stakeholders to address gaps.
About the role
GRC Specialist
Join our customer's team as an expert GRC Specialist and play a pivotal role in strengthening organizational compliance and risk management posture. You will leverage your expertise in regulatory frameworks and risk assessment methodologies to execute, optimize, and report on governance, risk, and compliance activities. This is a highly visible role for someone passionate about ensuring organizational resilience in regulated environments.
Key Responsibilities:
- Conduct comprehensive risk assessments and facilitate the identification, evaluation, and mitigation of compliance and operational risks
- Map controls and processes to established regulatory and security frameworks (e.g., NIST 800-53, ISO 27001, SOX)
- Lead and support internal and external compliance audits, ensuring accurate and timely documentation
- Analyze, draft, and update compliance documentation and governance policies
- Collaborate cross-functionally with business, IT, and legal stakeholders to address risk and compliance gaps
- Produce clear, actionable audit reports and remediation recommendations
- Monitor changes in regulatory requirements relevant to the organization's industry and advise on policy or process updates
Required Skills and Qualifications:
- Minimum 3 years of experience in GRC, IT Risk, Compliance, or Audit roles within regulated industries
- Hands-on expertise with regulatory and security frameworks such as NIST, ISO, SOX, HIPAA, or GDPR
- Strong analytical reasoning, problem-solving, and attention to detail
- Exceptional written and verbal communication skills for reporting and stakeholder engagement
- Proven experience in risk assessment methodologies, control design/testing, and compliance audits
- Demonstrated ability to analyze policies and make actionable recommendations
- Skilled in cross-functional collaboration and policy analysis
Preferred Qualifications:
- Relevant certifications: CISSP, CISA, CRISC, or CIA
- Practical experience in financial services, healthcare, or technology sectors
- In-depth expertise in one or more domains: Cybersecurity, AML/SOX, HIPAA/GDPR compliance, or Third-Party Risk Management
As a key member of the customer's team, your contributions will directly support the organization's mission to maintain the highest standards of governance, risk, and compliance. If you are detail-oriented, proactive, and thrive in dynamic, regulated environments, we encourage you to apply and help drive excellence in GRC practices.
Key skills/competency:
- GRC Specialist
- Risk Assessment
- Compliance
- Regulatory Frameworks
- NIST
- ISO 27001
- SOX
- HIPAA
- GDPR
- IT Audit
Skills & topics
- GRC Specialist
- Governance
- Risk
- Compliance
- NIST
- ISO 27001
- SOX
- HIPAA
- GDPR
- IT Audit
- Risk Assessment
- Policy Analysis
- Regulatory Compliance
- Remote
- Contractor
How to get hired
- Tailor your resume: Highlight your GRC experience, regulatory framework knowledge (NIST, ISO, SOX, HIPAA, GDPR), and audit expertise.
- Showcase your skills: Emphasize analytical reasoning, problem-solving, communication, and cross-functional collaboration in your application.
- Prepare for interviews: Be ready to discuss your experience with risk assessment, control testing, and policy analysis in regulated industries.
- Highlight certifications: Mention any relevant certifications like CISSP, CISA, CRISC, or CIA to demonstrate specialized knowledge.
Frequently asked questions
- What are the key responsibilities for a GRC Specialist at micro1?
- As a GRC Specialist, you will conduct risk assessments, map controls to frameworks like NIST and ISO, lead compliance audits, analyze and update policies, and collaborate with stakeholders to address risk and compliance gaps. You will also produce audit reports and monitor regulatory changes.
- What experience is required for the GRC Specialist role at micro1?
- The role requires a minimum of 3 years of experience in GRC, IT Risk, Compliance, or Audit within regulated industries. You'll need hands-on expertise with frameworks such as NIST, ISO, SOX, HIPAA, or GDPR, strong analytical skills, and excellent communication abilities.
- Are there preferred qualifications for the GRC Specialist position at micro1?
- Yes, preferred qualifications include relevant certifications such as CISSP, CISA, CRISC, or CIA. Experience in financial services, healthcare, or technology sectors, and in-depth knowledge of specific domains like cybersecurity or HIPAA/GDPR compliance are also advantageous.
- What is the work arrangement for this GRC Specialist role at micro1?
- This is a remote position, offering flexibility to work from any location.
- How can I best prepare my application for the GRC Specialist job at micro1?
- To prepare your application, focus on clearly articulating your experience with risk assessment methodologies, compliance frameworks, and audit processes. Quantify your achievements where possible, and ensure your resume reflects the specific skills and qualifications mentioned in the job description.