GRC Specialist

Founded in 2009 and 100% self-funded to this day, Natural Intelligence is a leader in online multi-vertical marketplaces. Our global brands, Top10.com and BestMoney.com, help millions worldwide make informed decisions every day. Our proprietary platform, xMatch, harnesses AI and ML technologies in order to help consumers make easier choices and find the right products and services tailored to their needs.

This is an individual contributor role that leads the GRC domain as part of the IT/Security team. The Governance, Risk, and Compliance Lead is responsible for assessing and documenting NI's compliance and risk posture as they relate to its information assets.

This role requires skilled information security expertise for the development and implementation of the information security risk management program. 

This role will lead the SOC2 and ITGC domains, be the liaison on the privacy domain between Legal and R&D, and collaborate with Product, MIS, IT, BI and Internal controls. This role requires leadership and project management skills, ensuring effective system-wide security & risk analysis, standards and testing, risk assessment, awareness and education, business enablement and development of policies, standards and guidelines.

Responsibilities:

  • Evaluate the state of security and privacy from the GRC perspective, identifying gaps and opportunities and anticipating needs. 
  • Define and implement cyber security & compliance standards, develop supporting organizational policies & procedures and design automated technological solutions for controls and compliance.
  • Partner with various business units to ensure controls are adequate, appropriate, and effective.
  • Test the operating effectiveness of technical and administrative security controls, performing periodic gap assessments to validate compliance on an ongoing basis.
  • Support internal and external audit processes for relevant compliance programs such as SOC, SOX and ISO.
  • Perform security and compliance assessments on new and existing systems, vendors, processes and technologies.
  • Responsible for leading the external Risk Management and PT.
  • Responsible for awareness and education.
  • Maintain an up-to-date understanding of legislation and regulations that impact information security (GDPR, CCPA, GLBA, etc.) and stay informed on developing regulatory concerns and IT and security trends.

Requirements:

  • 2+ years of experience with legal and regulatory compliance standards such as SOC, SOX (ITGC), ISO, GDPR, CCPA, etc.
  • Familiarity with ISMS and security frameworks, such as NIST Cybersecurity Framework.
  • Strong understanding of fundamental information security concepts and technology.
  • Experience with IT governance, risk, and compliance management in a global environment.
  • Excellent interpersonal and communication skills.
  • Desire for constant improvement.
  • Advanced project management skills.
  • Experience with Privacy domain and PIA processes is an advantage. 
  • Security-related certification, such as CISA or CISM, is an advantage. 