Principal InfoSec GRC Specialist (Contract / Permanent)

Reposted 15 Hours Ago
Hiring Remotely in Pune, Mahārāshtra, IND
In-Office or Remote
Expert/Leader
Healthtech • Biotech
The Role
The role involves managing the GRC program, ensuring FedRAMP compliance, leading audits, developing security policies, and mentoring junior team members in cloud security and compliance management.
Summary Generated by Built In

What will you do?

Leadership & Program Management

  • Bring ‘Security by design’ principles to product development activities
  • Manage the GRC program and define the roadmap for maturity across governance, risk management, and compliance initiatives.
  • Lead, manage, and mature the organization's Information Security Management System, including risk treatment, internal audits, and readiness for external certification audits.
  • Serve as the SME for high-stakes compliance frameworks, specifically FedRAMP, and maintain advanced leadership over HIPAA and the ISO 27001 family (including 27017/27018 for cloud security).
  • Lead the development and revision of enterprise-level security policies, standards, and control frameworks to align with regulatory requirements and business objectives.
  • Manage GRC with a focus on lean, efficient implementation by automating activities wherever practical.

FedRAMP & Cloud Security

  • Lead FedRAMP authorization (e.g., Readiness, Assessment, and Continuous Monitoring), including coordinating with the 3PAO (Third-Party Assessment Organization) and government agencies.
  • Provide solution-oriented technical guidance to Cloud Engineering, Security Operations, DevOps, and Product teams on architecting, implementing, and documenting the controls required for FedRAMP, HIPAA, and ISO 27001 within cloud environments (AWS, Azure, or GCP).
  • Oversee and conduct complex, high-impact risk assessments (e.g., BIA, PIA, Data Flow Mapping) and residual risk management across the enterprise, escalating critical risks to senior leadership.
  • Manage and respond to high-level customer and partner due diligence requests and contract reviews related to security and compliance.

Collaboration & Stakeholder Management

  • Act as the primary InfoSec GRC liaison and subject matter expert, effectively collaborating with internal stakeholders including Legal, Internal Audit, Product Management, and Tech Leadership.
  • Translate highly technical security and compliance requirements into clear, actionable, risk-informed recommendations.
  • Lead cross-functional remediation efforts, bringing a solution mindset to help technical teams design practical and compliant control implementations instead of simply identifying gaps.
  • Mentor and provide guidance to junior GRC team members, helping to build internal capabilities.

Requirements

What do you bring to the table?

  • Minimum of 12 years of extensive experience in Cloud Security and GRC.
  • Demonstrated capability in achieving and maintaining FedRAMP (Moderate or High) compliance, including deep familiarity with NIST SP 800-53 controls.
  • Expert-level hands-on knowledge of HIPAA, SOC, and FedRAMP controls.
  • Deep technical understanding of Cloud Service Provider (CSP) security models and compliance controls within complex cloud architectures.
  • Education: Bachelor's or Master's degree in Information Security, IT, Computer Science, or a related technical field.
  • Certifications (must have one or more of the following):
      • CISSP (Certified Information Systems Security Professional)
      • FedRAMP-specific certifications (e.g., C3PAO assessor training or significant practical experience)
      • Cloud security certification such as CCSP (Certified Cloud Security Professional) or CCSK

Benefits
  • Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life balance.
  • Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.
  • Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.
  • Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns.
  • Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.
  • And many more...

Skills Required

  • Minimum of 12 years of extensive experience in Cloud Security and GRC
  • Demonstrated capability in achieving and maintaining FedRAMP compliance
  • Expert-level knowledge of HIPAA, SOC, and FedRAMP controls
  • Deep understanding of Cloud Service Provider security models
  • Bachelor's or Master's degree in Information Security, IT, Computer Science
  • CISSP certification or FedRAMP-specific certifications
  • Cloud Security certification such as CCSP or CCSK
The Company
Charlestown, MA
622 Employees

What We Do

Velsera connects healthcare and life sciences to reveal the true promise of precision medicine — a continuous flow of knowledge between researchers, scientists, and clinicians around the world, fueling innovation and creating insights that radically improve human health. Our goal is to use data to radically improve healthcare globally and create value through multiomics and insights. If you’re interested in learning more about Velsera, please follow us and visit our website at velsera.com! Looking for someone to get in touch with? Please email [email protected]
