JobsAisle
Specialist - IT Governance, Risk and Compliance

Synechron

Abu Dhabi, UAE | AED 6,000-16,000/mo | Today
UAE | IT & Technology | Full Time

Skills Required

Python, SQL, Excel, Jira, Tableau, Project Management, Agile, ERP, Communication, Leadership

Job Description

Job Summary

Synechron is seeking a dedicated and detail-oriented Specialist in IT Governance, Risk, and Compliance to support the organization’s compliance initiatives, risk management, and governance framework. This role entails developing and maintaining policies, conducting risk assessments, coordinating audits, and ensuring adherence to internal controls and regulatory standards. The ideal candidate will contribute to creating a secure, resilient, and compliant technology environment that aligns with industry best practices and organizational objectives.

Software Requirements

Required:
- Microsoft Office Suite (Excel, Word, PowerPoint) for reporting and documentation
- GRC platforms or tools (e.g., RSA Archer, MetricStream, ServiceNow GRC modules) – proficiency in at least one
- Document management and workflow tools (SharePoint, Confluence)
- Audit management and tracking tools

Preferred:
- Data analytics tools (Power BI, Tableau) for reporting and dashboards
- Regulatory compliance management tools specific to data privacy and cybersecurity

Overall Responsibilities

- Support the development, implementation, and maintenance of IT governance frameworks, standards, and control mechanisms
- Conduct IT risk assessments, identify potential threats, and monitor mitigation actions
- Maintain and update the IT risk register and report on risk status to leadership
- Assist with creating, reviewing, and updating policies, procedures, and control frameworks
- Perform periodic compliance evaluations against regulations, standards, and contractual requirements
- Support internal and external audit processes through documentation, evidence collection, and issue tracking
- Conduct control testing, gap analysis, and assessment activities across IT functions
- Monitor adherence to standards such as ISO 27001, NIST, COBIT, and relevant regulatory requirements
- Prepare reports and dashboards on compliance, risks, and audit findings for management review
- Promote awareness and understanding of governance and compliance practices within IT teams

Technical Skills (By Category)

- Programming Languages: Not mandatory, but familiarity with scripting languages such as PowerShell, Python, or Bash for automation and reporting is a plus
- Databases/Data Management: Basic understanding of data management principles, data privacy, and security controls in databases (e.g., SQL, NoSQL) is advantageous
- Cloud Technologies: Not required; however, knowledge of cloud security and controls aligning with governance standards (e.g., ISO 27017, NIST cloud security) is beneficial
- Frameworks and Libraries: Familiarity with standards such as ISO 27001, NIST CSF, COBIT, and ITIL for governance and risk management
- Development Tools and Methodologies: Experience with project management and workflow tools (Jira, ServiceNow, MS Project); knowledge of Agile, Waterfall, or hybrid project approaches as they relate to compliance and governance initiatives
- Security Protocols: Understanding of security controls, data privacy regulations (GDPR, CCPA), and internal policies for IT security and audit readiness

Experience Requirements

- 3 to 5 years of experience supporting IT governance, risk, or compliance functions
- Proven experience in conducting risk assessments, managing internal controls, and supporting audits
- Domain-specific knowledge of regulatory frameworks across data privacy, cybersecurity, or enterprise compliance
- Experience working in regulated industries such as finance, healthcare, or telecommunications is preferred
- Alternative experience pathways include roles in internal audit or IT control functions, with demonstrated understanding of governance and compliance practices

Day-to-Day Activities

- Support ongoing development and maintenance of IT policies, standards, and control frameworks
- Assist in conducting risk assessments, tracking mitigation, and updating risk registers
- Support internal and external audits by preparing documentation and evidence
- Perform control testing, gap analysis, and compliance checks across different IT units
- Monitor adherence to governance frameworks and recommend improvements
- Collaborate with cross-functional teams to communicate compliance requirements and promote best practices
- Review and update policies, procedures, and controls in response to regulatory or organizational changes
- Prepare reports, dashboards, and presentations for senior management on risk and compliance status

Qualifications

- Bachelor’s degree in Information Technology, Information Security, Business Administration, or related field; equivalent professional experience accepted
- Certifications such as CISA, CISSP, ISO 27001 Lead Auditor, or equivalent are preferred
- Training or certifications related to IT governance, risk management, or compliance (e.g., COBIT, ITIL, GDPR certifications) are advantageous
- Commitment to ongoing professional development in GRC topics and relevant regulatory standards

Professional Competencies

- Strong analytical and problem-solving skills with a focus on risk identification and mitigation
- Excellent communicati