GRC Specialist (Governance, Risk, Compliance)

About the position As a GRC ITSM Specialist, you will bridge Governance, Risk & Compliance (GRC) and IT Service Management (ITSM) disciplines to strengthen our global IT operations and compliance posture. You will work across security, compliance, and service management teams to ensure processes, controls, and IT services meet internal standards, industry regulations, and contractual requirements. This role will report to our Global Manager of Info Sec & GRC. You will be responsible for supporting the Global Manager in designing, implementing, and maintaining ITSM processes that align with GRC frameworks, driving operational excellence, audit readiness, and risk mitigation. You’ll collaborate with teams across multiple geographies to ensure consistent service delivery and compliance across our global telecoms environment. Work Locations: This is a hybrid or remote optional position with the ability to be based out of one of the following office locations: Grand Rapids, Michigan, Herndon, Virginia, Alpharetta, Georgia, Blue Bell, Pennsylvania, or New York, New York. This position must live and be authorized to work in the United States; it is not eligible for relocation or sponsorship. Hours: Typically between 8am to 6pm ET; will need to accommodate flex hours for international teams. Travel: Approximately 25% or less

Responsibilities

• Maintain credentials at 100% pass rate.
• Support the development, implementation, and maintenance of GRC frameworks (e.g., ISO 27001, SOC 2, GDPR, Cyber Essentials Plus).
• Conduct periodic risk assessments, control testing, and compliance monitoring across ITSM processes.
• Assist in internal and external security/compliance audits by preparing evidence, reports, and remediation plans.
• Maintain documentation of policies, procedures, and controls in alignment with global standards and regulatory requirements.
• Administer and enhance ITSM platforms (e.g., ServiceNow, Jira Service Management) to ensure effective incident, problem, change, and request management processes.
• Monitor and report on ITSM KPIs, SLAs, and OLAs to identify trends, risks, and opportunities for improvement.
• Support change management processes to ensure security, compliance, and minimal operational disruption.
• Collaborate with IT operations and security teams to ensure alignment between IT service delivery and compliance requirements.
• Act as a liaison between IT, Security, and Compliance teams to ensure service delivery aligns with regulatory and contractual obligations.
• Provide training and awareness sessions for ITSM and compliance best practices.
• Recommend and implement process improvements to reduce risk and enhance efficiency in service delivery.

Requirements

• Strong understanding of ITIL processes (incident, problem, change, request, asset/configuration management).
• GRC Framework Knowledge like ISO 27001, SOC2, NIST.
• Experience with audits and compliance support.
• Ability to identify, assess, and prioritize risks within the company.
• Skilled in establishing and analyzing KPIs/SLAs/OLAs to monitor service quality and compliance performance.
• Skilled at streamlining workflows and improving efficiency while maintaining compliance.
• Keen attention to detail by ensuring accuracy in compliance documentation, service records, and audits.
• Comfortable working cross functionally with security, IT operations, compliance, and business teams across multiple geographies.
• Ability to explain technical and compliance concepts to non-technical audiences.
• Experience building relationships and trust with internal and external stakeholders.
• Thrives in a fast-paced, globally distributed environment with changing priorities.
• A proactive mindset.
• 5+ years of combined experience in IT Service Management and Governance, Risk & Compliance within a global enterprise.
• Working knowledge of compliance frameworks such as ISO 27001, SOC 2, GDPR, NIST or similar.
• Experience preparing for and supporting internal and external audits.
• Ability to analyze service metrics, identify trends, and recommend process improvements.
• Strong communication skills, with experience working across global teams and time zones.

Nice-to-haves

• Security/GRC certifications (e.g., CISA, ISO 27001 Lead Implementer/Auditor, CompTIA Security+).
• Experience in a regulated industry (telecommunications, finance, healthcare).

Benefits

• Competitive industry salaries
• Comprehensive medical, dental, and vision insurance
• Company-provided life and disability insurance
• Matching 401 (k) plan
• Employee Emergency Assistance Fund
• Paid holidays and vacation time

Apply tot his job Apply To this Job