Mark43’s mission is to empower communities and their governments with new technologies that improve the safety and quality of life for all. We build powerful, scalable, and elegant software that sets a new standard for the tools upon which our first responders rely. Our users are diverse, and we are therefore committed to embracing diversity of thought and experience within our team.

We are looking for a Senior GRC Specialist to join our team. You will be reporting to our Senior Director of GRC. This role requires a deep understanding of governance, risk, and compliance practices within SaaS environments, including experience with various regulations/frameworks (i.e. CJIS, NIST, GDPR, FedRAMP). The ideal candidate will be a strategic thinker, capable of designing and implementing robust GRC processes that align with industry standards and regulatory requirements.

What you can expect to work on

• Develop, implement, and maintain Security policies, procedures, and standards to ensure compliance with relevant regulations and industry best practices.
• Oversee and help manage the company's compliance with CJIS, NIST, FedRAMP, and other applicable frameworks and standards.
• Conduct risk assessments, identify potential risks, and develop mitigation strategies to minimize impact.
• Manage process improvement, control maturity, and risk communication within assigned GRC service activities.
• Respond promptly to security assessments, questionnaires, and audits from customers and third-party business partners.
• Collaborate with internal stakeholders, including IT, Security, Legal, and Operations, to ensure alignment and integration of GRC initiatives.
• Provide training and awareness programs to employees on GRC-related topics.
• Evaluate IT programs and components for compliance with published standards. Manage exceptions and track requests related to security controls.
• Enhance processes to protect sensitive information and mitigate data breaches.
• Ensure appropriate risk treatment, compliance, and assurance from both internal and external perspectives.
• Serve as a subject matter expert in Information Security, providing consulting to technical and non-technical audiences.

What we expect from you

• Experience in managing process improvement, control maturity, and risk communication within GRC service activities.
• A history of streamlining processes to improve efficiency.
• Five-eight years of work experience in a GRC role within a SaaS or technology company.
• In-depth knowledge of CJIS, NIST, and FedRAMP frameworks, with demonstrated experience in implementing and managing compliance programs.
• Strong understanding of risk management principles and practices, including conducting risk assessments and developing mitigation strategies.
• Ability to maintain accurate records and manage client security and risk requests.
• Ability to independently facilitate and lead project and risk assessments.
• Demonstrated history of maintaining security policy, standard, guideline, and procedure documents.
• Can effectively communicate technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management, and non-technical users.
• Broad experience and exposure to cloud-hosted services, applications, infrastructure, including architecture, log management, monitoring, and security configuration requirements.
• Relevant certifications (e.g., CISA, CISM, CRISC) are a plus.

People who thrive on our team also tend to share the following characteristics:

• Humble, open, and curious.
• Attentive, active listeners. You are interested in what others have to say and illustrate your interest with your actions.
• Resilience. You do not shy away from challenging work, and you proactively help your team solve problems.
• Enthusiastic collaborators. You understand that the best outcomes are achieved through shared ownership and seek to spread knowledge and expand participation rather than restrict it.
• Comfortable with uncertainty. You know that sometimes problems and situations can’t be simplified or fully understood and are at ease working within this type of haziness.
• Passionate about personal growth. You view mistakes as opportunities for learning, and want to grow as a designer, colleague, and person.
• Eager to help others. You look for ways to provide support for more junior members of the team and develop cooperative working relationships.