Senior Cyber GRC Specialist

Job Summary

The Senior Cyber GRC Specialist supports the development and maturity of our cGRC programs, ensuring compliance with internal policies and external regulations, and providing tactical guidance to the organization. The ideal candidate will have 3-5 years of experience in governance, risk, and compliance, specifically with focus in information technology and/or cybersecurity, along with relevant industry certifications.

Principal Duties and Responsibilities

• Subject Matter Expert in the development, implementation, and maintenance of cGRC policies and procedures.
• Conduct comprehensive cGRC risk assessments to identify, evaluate, and prioritize risks across the organization, providing required and recommended mitigation action items.
• Conduct operational risk assessments of external vendors and service providers under the third-party risk management framework.
• Monitor and report on compliance with regulatory requirements and internal policies.
• Collaborate with various departments to ensure adherence to cGRC standards.
• Maintain and update risk registers and compliance documentation.
• Manage metrics related to Cybersecurity risks, Non-compliant Vendors, and vendor security incidents.
• Create and maintain dashboards and reports to show cGRC status.
• Perform other duties as assigned

Knowledge, Skills and Abilities

• 3-5 years of experience in GRC, risk management, compliance, or IT Audit.
• Relevant industry certifications such as CISSP, CISA, CRISC, CGRC or similar preferred.
• In-depth understanding of regulatory requirements and industry standards (e.g., NYS DFS, NIST CSF, SOC1/2, Sarbanes-Oxley/MAR).
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills
• Demonstrates strong business writing skills, including the ability to craft clear, concise, and professional communications and reports.
• Ability to work independently and as part of a team.
• Proficiency in GRC tools and software, specifically Audit Board, Drata, etc.
• Familiarity with reporting and visualization tools desired (e.g. PowerBI)
• Demonstrated leadership and project management skills.
• Knowledge of AI regulations and industry practices including framework and risks.

Compensation

Nassau maintains a holistic compensation philosophy focused on competitive base salaries, performance driven incentives, and unique professional development opportunities. The combination of compensation, benefits, and an entrepreneurial culture along with related experiences is key to recruiting and retaining talent.  Our compensation system is designed to reward performance, support development and job growth, and compensate individuals relative to their contribution to our organization. The base salary for this position falls within Nassau’s salary band D:  $85,000-$100,000 depending upon experience.

Visit our Careers page and apply online at http://www.nfg.com/.

Based in Hartford, Connecticut, Nassau Financial Group is a growth focused and digitally enabled financial services company with a fully integrated platform across insurance and asset management. Nassau was founded in 2015 and has grown to $1.6 billion in total adjusted capital, $25.6 billion in assets under management, and 361,000 policies and contracts as of September 30, 2025.

As part of a young and growing financial services enterprise, our employees are tapping into a new entrepreneurial spirit while they build on a long track record of putting customers first, understanding the evolving income and protection needs, and developing quality products to meet those needs.

Nassau provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. 

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.