GRC Program Specialist

iHerb

Full-time
USA
$116k-$184k per year
aws
risk management
infosec
cloud
security
The job listing has expired. Unfortunately, the hiring company is no longer accepting new applications.


Job Summary:

The position is responsible for supporting the security direction of the business and elevating the company’s security posture. The GRC Program Specialist is expected to support the security strategy of the business with new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as innovative technologies and requirements. The GRC role is also responsible for the planning and design of policies and maintenance.

Job Expectations:

The ideal candidate is technical and possesses at least three years of experience in security, compliance, or risk management. The role oversees the business’ security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). In tandem with security leadership, the GRC role consistently assesses and validates the assurance of the security, vendor, and third-party risk management program. As a primary point of contact for internal and external auditors, the GRC role monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC role must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.

  • Assist in periodic re-validation of our Top Risks and drive improvements for risk reduction

  • Assist with the implementation and operation of Governance, Risk and Compliance (GRC) tooling to further improve and automate our GRC processes and policies

  • Maintain oversight in a GRC-related platform.

  • Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.

  • Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.

  • Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.

  • Analyze findings, and document, recommend and report program gaps to security leadership.

  • Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices, and procedures.

  • Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.

  • Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.

  • Function as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.

  • Help support various parts of the company to adopt a common risk and control framework 

  • Assist with all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS)

  • Evaluate the effectiveness of information security controls and performance by developing, monitoring, gathering, and analyzing information security and compliance metrics for management

  • Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure adequate security controls are in place to manage risk and are aligned with leading best practices

  • Perform security policy and standard gap analysis, propose and draft documents and changes

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

Knowledge, Skills and Abilities:

Required:

  • Experience working with Agile methodology, JIRA, and GRC tools

  • Specialist: 3+ years of relevant industry experience

  • Strong knowledge of and experience in security risk management lifecycle

  • Familiar with security compliance frameworks and requirements, e.g., SOC 1/2, PCI, ISO 27001, NIST CSF, and others.

  • Experience in third-party risk assessment and third-party risk continuous monitoring

  • Experience in security policy governance lifecycle

  • Experience working with cloud technologies/environments; AWS or other related cloud experience is required

  • Effective communication, interpersonal and leadership skills to work with both engineering and other non-technical stakeholders

  • Strong security and compliance domain knowledge

  • Bachelor's degree or equivalent practical experience

Posted 1 year ago
Working Nomads curates remote digital jobs from around the web.

© 2026 Working Nomads.