IT Governance, Risk, and Compliance Specialist

Job Summary

Synechron is seeking a dedicated and knowledgeable Specialist in IT Governance, Risk, and Compliance (GRC) to support the organization’s efforts in establishing, maintaining, and enhancing IT governance frameworks. The role involves conducting risk assessments, managing compliance activities, and ensuring alignment with internal controls and regulatory standards. This position is critical in safeguarding the organization's technology environment, promoting best practices, and ensuring adherence to industry standards and legal requirements. The successful candidate will contribute to building a secure, resilient, and compliant IT landscape that supports business objectives and regulatory obligations.

Software Requirements

Required: Microsoft Office Suite (Word, Excel, PowerPoint), GRC tools (e.g., RSA Archer, ServiceNow), audit management software

Preferred: Security information and event management (SIEM) systems, Data Privacy tools, ISO 27001 compliance tools

Experience Level: Intermediate proficiency in relevant software, with the ability to produce detailed reports and track compliance activities.

Overall Responsibilities

• Support the development, implementation, and ongoing maintenance of IT governance frameworks, standards, and controls.
• Conduct IT risk assessments to identify potential threats and document mitigation strategies.
• Maintain and update the IT risk register, providing regular reports on risk status and mitigation progress.
• Assist in drafting, reviewing, and updating policies, procedures, and guidelines related to IT compliance and security.
• Perform compliance evaluations and gap analyses against regulatory, contractual, and internal standards.
• Facilitate internal and external audit activities by preparing documentation, collecting evidence, and tracking remediation actions.
• Conduct periodic control testing, compliance checks, and risk assessments across IT functions.
• Monitor adherence to industry standards such as ISO 27001, NIST Cybersecurity Framework, and COBIT.
• Prepare executive dashboards and detailed reports on compliance, risk, and audit findings.
• Promote awareness and adherence to governance, risk, and compliance practices within IT teams and across the organization.

Technical Skills (By Category)

• Governance Frameworks: COBIT, ITIL (Essential), NIST CSF, ISO 27001 (Preferred)
• Information Security Standards: ISO 27001, NIST, Cybersecurity best practices (Essential)
• Risk Assessment & Management: Risk methodologies, threat identification, mitigation tracking (Essential)
• Regulatory and Compliance Requirements: Data privacy laws, cybersecurity regulations, audit standards (Essential)
• Controls & Processes: IT change management, incident management, access controls, audit coordination (Essential)
• Tools: GRC platforms (RSA Archer, ServiceNow), audit management tools (Preferred)

Experience Requirements

• Minimum of 5+ years in IT governance, risk management, compliance roles.
• Proven experience in conducting risk assessments and managing compliance activities within complex IT environments.
• Demonstrated success in supporting or leading audit activities and remediation efforts.
• Familiarity with industry standards such as ISO 27001, NIST Cybersecurity Framework, COBIT.
• Experience working with cross-functional teams in diverse organizational settings.

Day-to-Day Activities

• Support the creation, review, and update of IT policies, standards, and controls.
• Conduct risk assessments and maintain the IT risk register.
• Perform compliance evaluations, gap analyses, and control testing.
• Assist in audit preparation, evidence collection, and remediation tracking.
• Monitor compliance status using dashboards; escalate issues and risks as needed.
• Collaborate with IT teams, audit, legal, and risk management units for stakeholder engagement.
• Track and report regulatory and internal audit findings to senior management.
• Promote a culture of compliance and continuous improvement in cybersecurity and governance practices.

Qualifications

Bachelor’s degree in Information Technology, Computer Science, Business Administration, or related field; Master’s preferred. Certifications such as CISA, CISSP, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred. Ongoing professional development in IT governance, risk management, or compliance fields.

Professional Competencies

• Strong analytical and critical thinking capabilities.
• Effective communication skills for technical and non-technical audiences.
• Ability to interpret frameworks, policies, and regulations and translate them into actionable processes.
• Project coordination and task management skills to handle multiple priorities.
• High attention to detail and accuracy in documentation and reporting.
• Collaboration and stakeholder engagement skills.
• Flexibility and adaptability to evolving standards, regulations, and organizational needs.
• Demonstrated commitment to ethical conduct and confidentiality.

Synechron's Diversity & Inclusion Statement

Diversity & Inclusion are fundamental to our culture, and Synechron is proud to be an equal opportunity workplace and is an affirmative action employer. Our Diversity, Equity, and Inclusion (DEI) initiative ‘Same Difference’ is committed to fostering an inclusive culture – promoting equality, diversity and an environment that is respectful to all. We strongly believe that a diverse workforce helps build stronger, successful businesses as a global company. We encourage applicants from across diverse backgrounds, race, ethnicities, religion, age, marital status, gender, sexual orientations, or disabilities to apply. We empower our global workforce by offering flexible workplace arrangements, mentoring, internal mobility, learning and development programs, and more.

All employment decisions at Synechron are based on business needs, job requirements and individual qualifications, without regard to the applicant’s gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.

Key skills/competency

• IT Governance
• Risk Management
• Compliance
• GRC Tools
• RSA Archer
• ServiceNow
• ISO 27001
• NIST CSF
• COBIT
• CISA