Principal GRC Security Specialist

Job Summary

We’re looking for an experienced and strategic Principal GRC Security Analyst to help lead our Governance, Risk, and Compliance efforts. In this role, you’ll work cross-functionally to drive security initiatives, support compliance frameworks, and partner with both internal teams and external customers to ensure trust, transparency, and operational excellence.

Responsibilities

• Assist in identifying and tracking information security risks, assessing their impact, and monitoring the execution of mitigation plans in alignment with established security policies and controls.
• Manage internal risk assessments.
• Support Sales and Customer Success by responding to security questionnaires and speaking to technical controls
• Track and report on GRC metrics, KPIs, and audit remediation activities
• Collaborate with Product, Development, Engineering, and Legal to embed security practices company-wide
• Assist in updating, maintaining and maturing security policies, awareness campaigns, and disaster recovery planning Develop and define associated metrics to allow clear visibility into iCIMS governance, risk, and compliance status.
• Provide leadership and act as key stakeholder of regulatory and compliance initiatives (e.g. ISO 27001, SOC 2, GDPR, Tx-RAMP, etc.). Participate in associated audits as necessary.
• Develop Key Performance Indicators (KPI) and Key Risk Indicators (KRI) to ensure compliance-related controls are operating to an acceptable tolerance level.
• Strong understanding of security tools to support the execution of Security Control Assessments and evaluate control effectiveness.
• Lead security compliance efforts across ISO 27001, SOC 2, GDPR, and other frameworks
• Develop and define associated metrics to allow clear visibility into iCIMS governance, risk, and compliance status.
• Provide strategic guidance and insights to strengthen and mature the Governance, Risk, and Compliance (GRC) program.

Qualifications

• 5+ years in GRC, risk, or information security roles
• Strong knowledge of frameworks like ISO 27001, NIST, SOC 2, GDPR, and risk assessment methodologies
• Knowledge of risk management processes and frameworks (e.g., methods for assessing and mitigating risk).
• Experience in SaaS environments and cloud platforms such as AWS or Azure
• Excellent communication skills, including comfort engaging with customers, executives, and auditors
• Demonstrated success driving compliance projects and risk management programs
• A self-starter with the demonstrated ability to take initiative, who can proactively identify issues/opportunities and recommend actions
• Demonstrated ability to advance and mature GRC programs through collaboration with enterprise-level stakeholders.
• Familiar with and able to generally accepted security methods, concepts and techniques, including an understanding of networks, operating systems, cloud operations and associated technologies and services.
• Understanding of privacy standards, PII protection, and third-party risk management