Cybersecurity GRC Specialist; remote

About UBQ.io

UBQ.io is a global technology service provider dedicated to building a more sustainable, independent, and equitable future. We partner with global companies across industries, including AI, blockchain, software, biotech, and education, to transform bold ideas into real, meaningful solutions.

Our expertise spans technology consulting, AI and Machine Learning development, Blockchain integration, and global team collaboration. With a worldwide network of specialists, we help organizations stay ahead in a rapidly evolving digital landscape.

, we don’t just advise, we collaborate. Our commitment to innovation, sustainability, and social responsibility guides everything we do as we help clients build technologies that empower people, communities, and industries to thrive.

The Cybersecurity Governance, Risk & Compliance (GRC) Specialist plays a key role in driving robust governance, risk management, and compliance initiatives. This role focuses on developing and improving security policies and procedures, guiding ISO 27001 and SOC 2 readiness, and managing complex security due diligence requests. The ideal candidate is highly organized, analytical, and comfortable working in a fast-paced environment where aligning technical controls with business requirements is essential.

• Develop, review, and continuously improve cybersecurity policies, standards, and procedures.

• Guide organizations through ISO 27001 and/or SOC 2 compliance readiness, gap analyses, and formal audit processes.

• Manage, complete, and streamline responses to security due diligence questionnaires and risk assessments.

• Conduct third-party vendor risk assessments to ensure external partners meet required security and compliance frameworks.

• Track and report on compliance metrics, identified security risks, and remediation efforts.

• Collaborate with cross-functional technical and legal teams to ensure security controls are effectively implemented and continuously monitored.

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent practical experience).

• At least 3 years of experience in a GRC (Governance, Risk, and Compliance) role within Information Security.

• Hands-on experience implementing, maintaining, or auditing security frameworks, specifically ISO 27001 and/or SOC 2.

• Experience managing security questionnaires and conducting vendor risk due diligence.

• Industry certifications (e.g., CISA, CRISC, CISM, CISSP, or ISO 27001) are a strong plus.

• Ability to translate complex technical security concepts into clear, actionable business processes.

• Strong communication skills and a customer-service mindset for engaging with diverse stakeholders.

You enjoy working at the intersection of security, business, and compliance, ensuring that policies are practically applied rather than just theoretical. You are structured, reliable, and eager to build trust by upholding high security standards. You have a knack for turning complex compliance requirements into streamlined processes, taking pride in helping organizations continuously improve and prove their commitment to cybersecurity.