GRC Specialist
This role requires candidates who are currently authorized to work in the U.S. without sponsorship, and C2C arrangements are not accepted. This role is hybrid with one day required on-site.
Overview
We are seeking an experienced Governance, Risk, and Compliance (GRC) Specialist to support enterprise-level data governance, compliance, and risk initiatives. This role is highly execution-focused, with primary responsibility for implementing Records Retention and Data Classification / Obfuscation programs within large, complex organizations.
The ideal candidate brings hands-on experience delivering governance frameworks, building workflows in GRC platforms, partnering with PMOs and database teams, and operationalizing compliance through dashboards, monitoring, and audit processes.
Key Responsibilities
Records Retention & Data Governance
- Lead and support enterprise records retention operational planning in partnership with project management teams
- Design and implement a records retention framework aligned to regulatory and business requirements
- Build and maintain records retention workflows within GRC platforms (e.g., Collibra or similar tools)
- Develop business user guides and documentation for records retention processes
- Propose and maintain standardized records retention update and approval processes
- Conduct periodic records retention audits to ensure compliance
- Design and deliver compliance monitoring dashboards, alerts, and reporting
- Partner with database and technical teams on governance tooling selection and implementation
Data Classification, Obfuscation & Compliance
- Design and formalize data classification, masking, and obfuscation frameworks
- Build and manage data classification workflows within GRC platforms
- Lead quarterly data classification reviews and governance checkpoints
- Define and execute data obfuscation strategies, including compliance validation and monitoring
- Support recurring obfuscation activities and related testing efforts
- Develop dashboards, alerts, and automated monitoring processes for ongoing compliance
- Collaborate with DBAs and engineering teams on tool selection and implementation
Regulatory & Framework Expertise
- Strong working knowledge of common governance and compliance frameworks, including:
  - NIST CSF
  - ISO 27001
  - SOC 2
  - GDPR
  - HIPAA
  - PCI DSS
  - SOX
Risk, Audit & Monitoring
- Conduct risk assessments and identify control gaps
- Support third-party risk management (TPRM) and business continuity initiatives
- Design and execute internal audits
- Support external audit activities and evidence collection
- Build scalable compliance monitoring and reporting mechanisms
GRC Platforms & Technology
- Experience using governance and compliance platforms and data tools such as:
  - Collibra
  - Delphix
  - Snowflake
  - Cloud platforms (e.g., AWS or similar)
- Familiarity with emerging governance areas, including AI governance, cloud security, and automation
Required Skills & Attributes
Technical & Analytical Skills
- Strong analytical thinking with the ability to translate regulatory requirements into operational solutions
- Experience building workflows, dashboards, and monitoring processes
- Ability to work cross-functionally with PMO, legal, compliance, security, and technical teams
Communication & Professional Skills
- Clear, effective communication with both technical and non-technical stakeholders
- Ability to create executive-level documentation, user guides, and process artifacts
- Strong ethical standards and attention to detail
- Adaptability to evolving regulatory and technology landscapes
Education & Certifications
Education
- Bachelor’s degree in Business, Information Technology, Finance, Law, or a related field
Preferred Certifications
- CISA
- CRISC
- CGRC
- CISSP
- CISM
Ideal Background
- Experience delivering enterprise-scale data governance and compliance implementations
- Proven success executing programs rather than only advising or designing
- Background working in regulated environments with complex data ecosystems
