Join our companies in their quest to drive powerful, positive, change that endures.

Senior Specialist- Governance, Risk and Compliance



New York, NY, USA · Remote
Posted on Wednesday, May 22, 2024

Mark43 is approved to hire in Canada, the UK, and 40 U.S states, including AL, AZ, CA-excluding San Francisco, CO, CT, DC, DE, FL, GA, IA, ID, IL, IN, KS, LA, MA, MD, ME, MI, MN, MO, NE, NV, NH, NJ, NM, NY, NC, OH, OR, PA, SC, SD, TN, TX, UT, VA, VT, WA, and WI. Before applying to a remote role, please ensure that you are able to perform the position in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.

Applicants must be authorized to work for any employer in the country in which the role is being hired. We are unable to sponsor or take over sponsorship of an employment visa at this time.

Mark43’s mission is to empower communities and their governments with new technologies that improve the safety and quality of life for all. We build powerful, scalable, and elegant software that sets a new standard for the tools upon which our first responders rely. Our users are diverse, and we are therefore committed to embracing diversity of thought and experience within our team.

We are looking for a Senior GRC Specialist to join our team. You will be reporting to our Senior Director of GRC. This role requires a deep understanding of governance, risk, and compliance practices within SaaS environments, including experience with various regulations/frameworks (i.e. CJIS, NIST, GDPR, FedRAMP). The ideal candidate will be a strategic thinker, capable of designing and implementing robust GRC processes that align with industry standards and regulatory requirements.

What you can expect to work on

  • Develop, implement, and maintain Security policies, procedures, and standards to ensure compliance with relevant regulations and industry best practices.
  • Oversee and help manage the company's compliance with CJIS, NIST, FedRAMP, and other applicable frameworks and standards.
  • Conduct risk assessments, identify potential risks, and develop mitigation strategies to minimize impact.
  • Manage process improvement, control maturity, and risk communication within assigned GRC service activities.
  • Respond promptly to security assessments, questionnaires, and audits from customers and third-party business partners.
  • Collaborate with internal stakeholders, including IT, Security, Legal, and Operations, to ensure alignment and integration of GRC initiatives.
  • Provide training and awareness programs to employees on GRC-related topics.
  • Evaluate IT programs and components for compliance with published standards. Manage exceptions and track requests related to security controls.
  • Enhance processes to protect sensitive information and mitigate data breaches.
  • Ensure appropriate risk treatment, compliance, and assurance from both internal and external perspectives.
  • Serve as a subject matter expert in Information Security, providing consulting to technical and non-technical audiences.

What we expect from you

  • Experience in managing process improvement, control maturity, and risk communication within GRC service activities.
  • A history of streamlining processes to improve efficiency.
  • Five-eight years of work experience in a GRC role within a SaaS or technology company.
  • In-depth knowledge of CJIS, NIST, and FedRAMP frameworks, with demonstrated experience in implementing and managing compliance programs.
  • Strong understanding of risk management principles and practices, including conducting risk assessments and developing mitigation strategies.
  • Ability to maintain accurate records and manage client security and risk requests.
  • Ability to independently facilitate and lead project and risk assessments.
  • Demonstrated history of maintaining security policy, standard, guideline, and procedure documents.
  • Can effectively communicate technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management, and non-technical users.
  • Broad experience and exposure to cloud-hosted services, applications, infrastructure, including architecture, log management, monitoring, and security configuration requirements.
  • Relevant certifications (e.g., CISA, CISM, CRISC) are a plus.

People who thrive on our team also tend to share the following characteristics:

  • Humble, open, and curious.
  • Attentive, active listeners. You are interested in what others have to say and illustrate your interest with your actions.
  • Resilience. You do not shy away from challenging work, and you proactively help your team solve problems.
  • Enthusiastic collaborators. You understand that the best outcomes are achieved through shared ownership and seek to spread knowledge and expand participation rather than restrict it.
  • Comfortable with uncertainty. You know that sometimes problems and situations can’t be simplified or fully understood and are at ease working within this type of haziness.
  • Passionate about personal growth. You view mistakes as opportunities for learning, and want to grow as a designer, colleague, and person.
  • Eager to help others. You look for ways to provide support for more junior members of the team and develop cooperative working relationships.

Our Privacy Notice describes how Mark43 uses and protects the personal information of prospective employees during the recruitment process. It informs you about our handling of the personal information you provide to us when you apply for a position in our organization and in general when you express your interest in joining our team.

As a part of Mark43's security measures all employees must: Engage in appropriate use of the company's electronic information resources; Become knowledgeable about and follow relevant security policies and guidelines; Protect the resources under their control, such as passwords, computers, and data that they create, receive, or download; and Promptly report security-related incidents and violations, and responding to official reports of security incidents involving their systems or accounts.

Mark43 is committed to the full inclusion of all qualified individuals. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. As part of this commitment, we will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed, please email requesting the accommodation.