FreshRemote.Work

GRC Governance Specialist

US - VA - Remote

Job Description

The GRC Governance Specialist plays a pivotal role in overseeing and supporting essential Cybersecurity and Information Security initiatives. This position ensures that the organization complies with regulatory requirements and internal policies. The specialist conducts thorough analysis to identify discrepancies between current security policies and industry best practices, and highlights areas for improvement to enhance the overall security posture. The role develops and maintains robust security policies to safeguard Stride’s data and IT infrastructure, and regularly reviews and updates those policies to ensure compliance with evolving regulations and industry standards. It also provides comprehensive training and guidance to staff on security best practices and policy adherence, fostering a culture of security awareness throughout the organization.

Essential Functions:   Reasonable accommodations may be made to enable individuals with disabilities to perform essential duties.

  • Mature, execute and maintain a policy management lifecycle process, including developing, implementing, and managing communication of security policies, control standards, best practices and guidance.
  • Document current state policy and procedures, research best practices, identify gaps, and develop target state for IT security oversight process.
  • Provide subject matter expertise in governance, focusing on strategic initiatives and the latest emerging technologies and trends.
  • Provide support for security governance activities, including managing communication about security policies, standards, and control frameworks.
  • Continuously assess existing policies for relevancy and accuracy and partner with the business to identify and manage risks associated with policy violations and exceptions.
  • Identify, assess, track and report on security risks across the enterprise. Track risk decisions and remediation plans and communicate risks to both technical and non-technical audiences.
  • Work closely with the Risk Manager to identify IT security risks to the business, work with the security team on client security reviews, and drive the development of remediation plans for both when appropriate.
  • Develop reporting for management by analyzing IT security controls and risk exposure.
  • Plan, manage, and maintain the organization-wide security awareness program to increase awareness of information security policies and standards through training and communication.  
  • Develop compelling and effective security awareness content, training and campaigns from concept to writing, editing, uploading, and publishing across multiple communication channels.
  • Create and report on phishing simulations and other social engineering campaigns to heighten security awareness and engagement.
  • Maintain key metrics and leadership dashboards to assess and track the performance of the security awareness program.
  • Consistently deliver high-quality services and deliverables to clients.

Supervisory Responsibilities:  This position has no formal supervisory responsibilities.

Minimum Required Qualifications:   

  • Bachelor’s degree in Computer Science, Information Systems, Information Security & Assurance, Information Technology, Cybersecurity Policy, or related field required AND
  • Seven (5) years of experience in IT Security, IT Governance, Risk, & Compliance
  • Equivalent combination of education and experience, including prior relevant military service experience.

Certificates and Licenses: None required.

OTHER REQUIRED QUALIFICATIONS: 

  • Demonstrate experience with developing and maintaining information security policies and standards aligned to regulatory or other control frameworks such as NIST, SOX, HIPAA, FERPA, etc.
  • Strong experience initiating, facilitating, and promoting Cybersecurity awareness and education within the organization and collaborating with business partners to manage Cybersecurity needs.
  • Strong understanding of information security risk management and/or audit practices.
  • Strong ability to develop relationships across cross functional areas and inspire trust and confidence through effective communication and interpersonal skills.
  • Experience with managing cybersecurity controls based on a thorough understanding of industry standards and regulations to protect the company from external and internal threats.
  • Excellent communication and presentation skills.
  • Ability to identify, document, and communicate information security issues to business and information owners.
  • Ability to maintain confidentiality of sensitive information.
  • Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.)
  • Ability to clear a background check.

Desired Qualifications: 

  • CISA, CRISC, CISM, SANS, or other relevant information security certifications
  • Knowledge of relevant standards such as ISO/IEC 27000 family - Information Security Management Systems, NIST Cybersecurity Framework, NIST  800, and applicable laws related to regulatory compliance, information security, and privacy (e.g., SOX, HIPAA, GDPR, PCI-DSS)
  • Experience with developing and maintaining information security policies and standards aligned to regulatory or other control frameworks such as NIST, SOX, HIPAA, FERPA, etc.
  • Prior experience in the Education industry is a plus.
  • Knowledge and understanding of information technology and networking concepts.

Work Environment:  The work environment characteristics described here represent those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

  • This is an office- or home-based position.  The noise level in the office is usually moderate (computers, printers, light foot traffic).  

Compensation & Benefits: Stride, Inc. considers a person’s education, experience, and qualifications, as well as the position’s work location, expected quality and quantity of work, required travel (if any), external market and internal value when determining a new employee’s salary level.  Salaries will differ based on these factors, the position’s level and expected contribution, and the employee’s benefits elections.  Offers will typically be in the bottom half of the range.

  • We anticipate the salary range to be $66,379.50- $170,037.60. The upper end of this range is not likely to be offered, as an individual’s compensation can vary based on several factors. These factors include, but are not limited to, geographic location, experience, training, education, and local market conditions. Eligible employees may receive a bonus. Stride offers a robust benefits package for eligible employees that can include health benefits, retirement contributions, and paid time off.

The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor.  All employment is “at-will” as governed by the law of the state where the employee works.  It is further understood that the “at-will” nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer. 

Job Type

Regular

Stride, Inc. is a Federal Contractor, an Equal Opportunity/Affirmative Action Employer and a Drug-Free Workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status age, or genetics, or any other characteristic protected by law.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
