
Specialist - IT Governance, Risk and Compliance

Synechron

UAE | AED 6,000-16,000/mo | Today
UAE | IT & Technology | Full Time

Skills Required

AWS, Excel, ERP, Communication

Job Description

Job Summary

Synechron is seeking a dedicated and knowledgeable Specialist in IT Governance, Risk, and Compliance (GRC) to support the organization’s efforts in establishing, maintaining, and enhancing IT governance frameworks. The role involves conducting risk assessments, managing compliance activities, and ensuring alignment with internal controls and regulatory standards. This position is critical in safeguarding the organization's technology environment, promoting best practices, and ensuring adherence to industry standards and legal requirements. The successful candidate will contribute to building a secure, resilient, and compliant IT landscape that supports business objectives and regulatory obligations.

Software Requirements

- Required: Microsoft Office Suite (Word, Excel, PowerPoint), GRC tools (e.g., RSA Archer, ServiceNow), audit management software
- Preferred: Security information and event management (SIEM) systems, Data Privacy tools, ISO 27001 compliance tools
- Experience Level: Intermediate proficiency in relevant software, with the ability to produce detailed reports and track compliance activities

Overall Responsibilities

- Support the development, implementation, and ongoing maintenance of IT governance frameworks, standards, and controls
- Conduct IT risk assessments to identify potential threats and document mitigation strategies
- Maintain and update the IT risk register, providing regular reports on risk status and mitigation progress
- Assist in drafting, reviewing, and updating policies, procedures, and guidelines related to IT compliance and security
- Perform compliance evaluations and gap analyses against regulatory, contractual, and internal standards
- Facilitate internal and external audit activities by preparing documentation, collecting evidence, and tracking remediation actions
- Conduct periodic control testing, compliance checks, and risk assessments across IT functions
- Monitor adherence to industry standards such as ISO 27001, NIST Cybersecurity Framework, and COBIT
- Prepare executive dashboards and detailed reports on compliance, risk, and audit findings
- Promote awareness and adherence to governance, risk, and compliance practices within IT teams and across the organization

Technical Skills (By Category)

- Governance Frameworks: COBIT, ITIL (Essential), NIST CSF, ISO 27001 (Preferred)
- Information Security Standards: ISO 27001, NIST, Cybersecurity best practices (Essential)
- Risk Assessment & Management: Risk methodologies, threat identification, mitigation tracking (Essential)
- Regulatory and Compliance Requirements: Data privacy laws, cybersecurity regulations, audit standards (Essential)
- Controls & Processes: IT change management, incident management, access controls, audit coordination (Essential)
- Tools: GRC platforms (RSA Archer, ServiceNow), audit management tools (Preferred)

Experience Requirements

- Minimum of 5+ years in IT governance, risk management, compliance roles
- Proven experience in conducting risk assessments and managing compliance activities within complex IT environments
- Demonstrated success in supporting or leading audit activities and remediation efforts
- Familiarity with industry standards such as ISO 27001, NIST Cybersecurity Framework, COBIT
- Experience working with cross-functional teams in diverse organizational settings

Day-to-Day Activities

- Support the creation, review, and update of IT policies, standards, and controls
- Conduct risk assessments and maintain the IT risk register
- Perform compliance evaluations, gap analyses, and control testing
- Assist in audit preparation, evidence collection, and remediation tracking
- Monitor compliance status using dashboards; escalate issues and risks as needed
- Collaborate with IT teams, audit, legal, and risk management units for stakeholder engagement
- Track and report regulatory and internal audit findings to senior management
- Promote a culture of compliance and continuous improvement in cybersecurity and governance practices

Qualifications

- Bachelor’s degree in Information Technology, Computer Science, Business Administration, or related field; Master’s preferred
- Certifications such as CISA, CISSP, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred
- Ongoing professional development in IT governance, risk management, or compliance fields

Professional Competencies

- Strong analytical and critical thinking capabilities
- Effective communication skills for technical and non-technical audiences
- Ability to interpret frameworks, policies, and regulations and translate them into actionable processes
- Project coordination and task management skills to handle multiple priorities
- High attention to detail and accuracy in documentation and reporting
- Collaboration and stakeholder engagement skills
- Flexibility and adaptability to evolving standards, regulations, and organizational needs
- Demonstrated commitment to ethical conduct and confidentiality

Diversity & Inclusion Statement

Diversity & Inclusion are fundamental to our culture, and Synechron is proud to be an equal opportunity workplace an