Information Security Lead responsible for security posture and compliance initiatives at Earned Wealth. Collaborating across teams to enhance policies and manage risk assessments effectively.
Responsibilities
Lead and support SOC 2 Type I & II, SEC S-P, ISO 27001, and CCPA initiatives, including leading engagements with external firms and consultants as necessary.
Maintain and enhance core security and compliance policies (WISP, CDISP, Access, Privacy, Intercompany Agreements).
Inform and lead the implementation of data and other access permissions consistent with security and compliance policies in close partnership with engineering.
Develop scalable, repeatable processes to unify acquired firms into Earned’s security and compliance program.
Conduct risk assessments and maintain a shared risk register with remediation tracking.
Support identity and access governance (MFA/SSO reviews, onboarding/offboarding, quarterly access reviews).
Run vendor risk assessments for new and renewing vendors.
Manage evidence collection, asset inventory, and security compliance platforms such as Vanta or Drata.
Assist with incident documentation, timelines, and corrective actions.
Requirements
Bachelor’s degree in a relevant field
5+ years in GRC, IT audit, security operations, or compliance
Experience in organizations scaling through both organic and inorganic (M&A) growth
Familiarity with HITRUST, SOC 2, SEC S-P, NIST CSF, ITGC, and vendor risk frameworks
Experience designing and implementing scalable evidence systems, compliance workflows, metrics pipelines, and exception processes
Ability to integrate GRC systems with cloud and SaaS environments for automated evidence collection and continuous monitoring
Strong documentation, organization, and communication skills
Ability to work independently in a fast-paced, small-team environment
Benefits
An attractive total compensation package
Employer-sponsored health insurance (medical, dental, vision)