Specialist IT Governance, Risk and Compliance
Job Summary
Synechron is seeking a dedicated and knowledgeable Specialist in IT Governance, Risk, and Compliance (GRC) to support the organization's efforts in establishing, maintaining, and enhancing IT governance frameworks. The role involves conducting risk assessments, managing compliance activities, and ensuring alignment with internal controls and regulatory standards. This position is critical in safeguarding the organization's technology environment, promoting best practices, and ensuring adherence to industry standards and legal requirements. The successful candidate will contribute to building a secure, resilient, and compliant IT landscape that supports business objectives and regulatory obligations.
Software Requirements
Required: Microsoft Office Suite (Word, Excel, PowerPoint), GRC tools (e.g., RSA Archer, ServiceNow), audit management software
Preferred: Security information and event management (SIEM) systems, data privacy tools, ISO 27001 compliance tools
Experience Level: Intermediate proficiency in relevant software with the ability to produce detailed reports and track compliance activities
Overall Responsibilities
Support the development, implementation, and ongoing maintenance of IT governance frameworks, standards, and controls
Conduct IT risk assessments to identify potential threats and document mitigation strategies
Maintain and update the IT risk register, providing regular reports on risk status and mitigation progress
Assist in drafting, reviewing, and updating policies, procedures, and guidelines related to IT compliance and security
Perform compliance evaluations and gap analyses against regulatory, contractual, and internal standards
Facilitate internal and external audit activities by preparing documentation, collecting evidence, and tracking remediation actions
Conduct periodic control testing, compliance checks, and risk assessments across IT functions
Monitor adherence to industry standards such as ISO 27001, NIST Cybersecurity Framework, and COBIT
Prepare executive dashboards and detailed reports on compliance, risk, and audit findings
Promote awareness and adherence to governance, risk, and compliance practices within IT teams and across the organization
Technical Skills (By Category)
Governance Frameworks: COBIT, ITIL (Essential); NIST CSF, ISO 27001 (Preferred)
Information Security Standards: ISO 27001, NIST Cybersecurity best practices (Essential)
Risk Assessment & Management: Risk methodologies, threat identification, mitigation tracking (Essential)
Regulatory and Compliance Requirements: Data privacy laws, cybersecurity regulations, audit standards (Essential)
Controls & Processes: IT change management, incident management, access controls, audit coordination (Essential)
Tools: GRC platforms (RSA Archer, ServiceNow), audit management tools (Preferred)
Experience Requirements
Minimum of 5 years in IT governance, risk management, compliance roles
Proven experience in conducting risk assessments and managing compliance activities within complex IT environments
Demonstrated success in supporting or leading audit activities and remediation efforts
Familiarity with industry standards such as ISO 27001, NIST Cybersecurity Framework, COBIT
Experience working with cross-functional teams in diverse organizational settings
Day-to-Day Activities
Support the creation, review, and update of IT policies, standards, and controls
Conduct risk assessments and maintain the IT risk register
Perform compliance evaluations, gap analyses, and control testing
Assist in audit preparation, evidence collection, and remediation tracking
Monitor compliance status using dashboards; escalate issues and risks as needed
Collaborate with IT teams, audit, legal, and risk management units for stakeholder engagement
Track and report regulatory and internal audit findings to senior management
Promote a culture of compliance and continuous improvement in cybersecurity and governance practices
Qualifications
Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field; Master's preferred
Certifications such as CISA, CISSP, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred
Ongoing professional development in IT governance, risk management, or compliance fields
Professional Competencies
Strong analytical and critical thinking capabilities
Effective communication skills for technical and non-technical audiences
Ability to interpret frameworks, policies, and regulations and translate them into actionable processes
Project coordination and task management skills to handle multiple priorities
High attention to detail and accuracy in documentation and reporting
Collaboration and stakeholder engagement skills
Flexibility and adaptability to evolving standards, regulations, and organizational needs
Demonstrated commitment to ethical conduct and confidentiality
SYNECHRON'S DIVERSITY & INCLUSION STATEMENT
Diversity & Inclusion are fundamental to our culture, and Synechron is proud to be an equal opportunity workplace and is an affirmative action employer. Our Diversity, Equity, and Inclusion (DEI) initiative "Same Difference" is committed to fostering an inclusive culture, promoting equality, diversity and an environment that is respectful to all. We strongly believe that a diverse workforce helps build stronger, successful businesses as a global company. We encourage applicants from across diverse backgrounds, race, ethnicities, religion, age, marital status, gender, sexual orientations, or disabilities to apply. We empower our global workforce by offering flexible workplace arrangements, mentoring, internal mobility, learning and development programs, and more.
All employment decisions at Synechron are based on business needs, job requirements, and individual qualifications, without regard to the applicant's gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.
Required Experience:
IC
About the Company
At Synechron, we believe in the power of digital to transform businesses for the better. Our global consulting firm combines creativity and innovative technology to deliver industry-leading digital solutions. Progressive technologies and strategies ...