Cybersecurity Governance, Risk & Compliance; GRC Scrum Master

Description

$120 MAX BILL RATE

• Work is centered in Service Now, specifically the Integrated Risk Management (IRM / GRC) module.
• Service Now experience is required;
  Service Now GRC/IRM experience is highly preferred.
• Platform specificity is critical to avoid confusion with a generic Scrum Master + GRC role.

We would be able to start immediately pending resource selection, duration of the engagement would be 3 months. There may be flexibility to extend but will not know that until about the mid-point.

The Cybersecurity GRC Scrum Master is responsible for supporting the maturation of the organization’s global cybersecurity governance, risk, and compliance (GRC) platform. This role partners closely with other members of the cybersecurity GRC team, cybersecurity, and IT stakeholders to translate GRC requirements into Agile software delivery methods. The ideal candidate brings 5-10 years of total experience that includes delivering technology projects across complex regulatory landscapes and translating technical security concepts into clear, actionable guidance for diverse global stakeholders.

• Lead daily stand-ups, sprint planning, retrospectives, and backlog refinement sessions to ensure effective communication and collaboration among team members.
• Collaborate with stakeholders to align Scrum practices with GRC objectives, ensuring that governance, risk management, and compliance requirements are integrated into agile processes.
• Identify and resolve obstacles that hinder the team's progress, fostering an environment of continuous improvement and helping the team to achieve its sprint goals.
• Provide guidance and support to team members on Agile principles and practices, promoting a culture of self-organization and accountability within the team.
• Act as a liaison between the development team and stakeholders, ensuring that feedback is incorporated into the product backlog and that expectations are managed effectively.
• Track and analyze team performance metrics, such as velocity and burn-down charts, to facilitate informed decision-making and enhance the overall effectiveness of the team’s agile delivery.

• 5–10 years of experience in cybersecurity GRC, information security risk management, or IT compliance
• Ability to translate technical security risks into business‑relevant language
• Strong documentation, communication, and stakeholder management skills

• 2+ years of experience leading or working in Agile project management and delivery teams
• Experience working in IT or cyber security in the healthcare, pharmaceutical, or life science industry
• Experience with third‑party risk management and vendor security assessments
• Certification in CISSP, CISA, CISM, or comparable

• Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field

• Health insurance
• Health savings account
• Dental insurance
• Vision insurance
• Flexible spending accounts
• Life insurance
• Retirement plan

All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Rate of pay within the stated range will depend on the qualification of the applicant.