Governance, Risk, & Compliance Specialist (REMOTE)

Beacon Hill is now hiring for a fully-remote GRC specialist who has experience working in the energy sector. This is a contract to hire position with occasional travel. If you or anyone you know is interested, please apply online and we will reach out!

Governance, Risk & Compliance (GRC) Specialist

Overview

Seeking a GRC Specialist to support the Information Security team by managing security compliance, audits, risk assessments, policy governance, and regulatory requirements across enterprise technology environments. This role will help strengthen the organization’s security posture through effective governance and continuous compliance monitoring.

Required Qualifications

• 3+ years of experience in GRC, cybersecurity compliance, IT audit, information security, or related areas.
• Knowledge of frameworks including NIST, ISO 27001, SOC 2, and CIS Controls.
• Experience supporting audits, control testing, evidence collection, and remediation activities.
• Ability to develop and maintain security policies, standards, and procedures.
• Experience with risk assessments, compliance reviews, and vendor risk management.
• Strong documentation, organizational, and communication skills.
• Experience collaborating with IT, Security, Engineering, Legal, Compliance, and other business teams.
• Working knowledge of cloud security, identity and access management, vulnerability management, and incident response.

Preferred Qualifications

• Experience in regulated or critical infrastructure industries.
• Relevant certifications such as CISA, CISM, CISSP, CRISC, Security+, or ISO 27001.
• Experience with GRC platforms including ServiceNow GRC, Archer, OneTrust, AuditBoard, LogicGate, Drata, or Vanta.
• Familiarity with privacy, data protection, and third-party risk management programs.
• Experience creating compliance reporting, risk dashboards, and executive-level presentations.

Responsibilities

• Support governance, risk, and compliance initiatives across the organization.
• Maintain security documentation, policies, and compliance records.
• Coordinate audit activities and compliance evidence collection.
• Track remediation efforts, audit findings, exceptions, and risk treatment plans.
• Conduct control testing, risk assessments, and vendor reviews.
• Assist with mapping controls to security and compliance frameworks.
• Maintain risk registers, control inventories, and compliance reporting.
• Partner with internal stakeholders to support security and regulatory requirements.
• Monitor compliance trends and contribute to continuous improvement of the security program.