Sr. Cybersecurity Governance, Risk, and Compliance (GRC) Associate

Job Title: Sr. Cybersecurity Governance, Risk, and Compliance (GRC) Associate
Location: Onsite 4-5x/week in Chicago, IL or Austin, TX
Job Type: Direct Hire

Bottom Line / In a Nutshell:
Risk Management: Experience performing annual risk assessments, devising risk treatment plans in accordance with risk appetite/tolerance, and helping to prioritize those plans. This is the area they are least willing to compromise on.
GRC Framework Experience: Experience managing a governance framework, including drafting and maintaining policies, procedures, and standards aligned with industry best practices (e.g., NIST 2.0).
Audit Management: Ability to manage the start-to-finish workflow of audits, including liaising with external auditors, gap analysis, and evidence collection. SOC 2 experience is required; ISO 27001 is highly desired.
GRC Tool Experience: Experience with a GRC platform such as OneTrust, Archer, or ZenGRC.
Security Awareness: Experience managing security awareness programs, including phishing campaigns and training modules.

Job Description:
The Sr. Cybersecurity Governance, Risk, and Compliance (GRC) Associate plays a critical role in supporting the organization's GRC program, with a specialized focus on security framework compliance and information security risk management. Reporting to the Vice President of Information Security Governance, Risk, and Compliance, the Sr. Cybersecurity GRC Associate contributes to the maturity of the security program by applying principles such as secure-by-design, defense-in-depth, and least privilege, while aligning with industry standards, regulatory requirements, and internal policies. The ideal candidate will have a proven track record of career growth, passion to deliver results, excellent problem-solving skills, strong oral and written communication skills, and the desire to be challenged and grow.

Responsibilities:

Information Security Governance
Maintain and enhance the Information Security Policy Framework, ensuring alignment with regulatory requirements and industry standards (e.g., NIST, ISO, CIS).
Collaborate with stakeholders to ensure policies are understood, adopted, and enforced across the organization.
Implement and operationalize the GRC platform; create and maintain automated workflows, associated processes, and related documentation.

Risk Management
Maintain the enterprise Information Security Risk Register and perform periodic and ad hoc risk assessments.
Monitor and report on meaningful metrics, including Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
Support risk treatment planning and execution, ensuring alignment with the organization's risk appetite.
Perform third-party risk assessments and ongoing oversight activities.

Compliance & Controls
Facilitate security compliance framework assessments, control narrative creation, and evidence collection.
Conduct control testing, identify deficiencies, and drive remediation efforts.
Support the development and ongoing maintenance of an integrated control framework to assess and monitor compliance.

Security Awareness & Culture
Promote a security-first mindset across the organization.
Contribute to the development and delivery of security awareness programs.

Qualifications & Requirements:
Bachelor's degree or equivalent experience; relevant certifications preferred (e.g., CBCP, MBCP, MBCI, FBCI).
3-6+ years' experience in cybersecurity GRC and/or BC/DR roles, ideally within financial services.
Strong analytical and critical thinking skills and the ability to organize work in a logical, thorough, and succinct manner.
Highly self-motivated, results-orientated, and self-directed to handle multiple ongoing tasks.
Flexibility to adapt to changing assignments and ability to effectively prioritize.
Effective written and verbal English communication at all levels.
Demonstrated ability to operate and innovate in a small team with a fast-paced environment, balancing both strategic and tactical needs.

THIS IS A GREAT OPPORTUNITY WITH A FIRST-CLASS COMPANY

RED SKY Career Opportunities at: redskyconsulting.co/career-portal

RED SKY Consulting Candidate and Client Referral Program! 2500
Do you know other IT professionals? Turn those relationships into money and help friends get work. RED SKY Consulting is offering a fantastic opportunity for you to earn extra money. If you refer to us a manager of people or skilled professionals, we will link your name to that person for 18 months. If we employ or place that individual or place people into that company thru that manager

RED SKY Consulting Company Overview:
We are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver, and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15+ year history of providing great technology talent. RED SKY has many clients, including 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies, with the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals represented.
The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.

Keys: Risk Management, GRC, OneTrust, Security Awareness, Audit
