Sr. GRC Specialist

Optomi, in partnership with a leading provider in the Insurance industry is seeking a Sr. GRC Specialist to join their team! In this role, you will be responsible for the development, implementation, and maintenance of cGRC policies, procedures, and frameworks. This role involves conducting comprehensive risk assessments, managing audits, and ensuring compliance with regulatory requirements.

• Subject matter expert in the development, implementation, and maintenance of cGRC policies, procedures, and frameworks.
• Conduct multiple advanced comprehensive cGRC risk assessments including third-party assessments which encompass vendor onboarding and the vendor lifecycle to ensure vendors meet security and data protection standards, and to identify, evaluate, and prioritize risks across the organization, providing required and recommended mitigation action items.
• Conduct operational risk assessments internally to ensure security and data protection standards, and to identify, evaluate, and prioritize risks across the organization, providing required and recommended mitigation action items.
• Monitor and report on compliance with regulatory requirements and internal policies.
• Collaborate with various departments to ensure adherence to cGRC standards.
• Manage and oversee internal and external audits, including preparing documentation and responding to audit inquiries.
• Maintain and update risk registers and compliance documentation.
• Provide training and guidance to staff on GRC-related topics.
• Stay current with industry trends and regulatory changes to ensure ongoing compliance.
• Ability to collaborate with legal, security, business and IT teams to develop and implement strategies to mitigate risks and enhance compliance which uphold the CIA Triad, ensuring data confidentiality, integrity and availability.
• Provide strategic guidance and support to senior management on cGRC-related matters.
• Encourage cultural change by recommending sound IT security practices in day-to-day operations.
• Continuously evaluate and improve the organization's cGRC processes and tools, leveraging industry best practices, automation, and innovative solutions.
• Manage weekly and quarterly metrics related to IT Security risks, contract reviews, Non-Adherent Vendors, and vendor security incidents.
• Lead the coordination of weekly and quarterly metrics related to IT Security risks, contract reviews, Non-Adherent Vendors, and vendor security incidents.
• Lead the quarterly information security awareness training course including the design and implementation.
• Manage metrics relevant to the operational success of the cGRC program.

• 5-7 years of experience in GRC, risk management, or compliance.
• Relevant industry certifications such as CISSP, CISM, CRISC, or similar preferred.
• In-depth understanding of regulatory requirements and industry standards (e.g., NST CSF, NIST AI RMF, ISO 27001, GDPR, SOC1/2, Sarbanes-Oxley).
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Proficiency in GRC tools and software.
• Demonstrated leadership and project management skills.
• Knowledge of AI regulations and industry practices including framework and risks (e.g, bias, hallucinations, and data security).