Principal GRC Security Specialist

Job Overview

Were looking for an experienced and strategic Principal GRC Security Analyst to help lead our Governance, Risk, and Compliance efforts. In this role, youll work cross-functionally to drive security initiatives, support compliance frameworks, and partner with both internal teams and external customers to ensure trust, transparency, and operational excellence.

About Us

When you join iCIMS, you join the team helping global companies transform business and the world through the power of talent. Our customers do amazing things: design rocket ships, create vaccines, deliver consumer goods globally, overnight, with a smile. As the Talent Cloud company, we empower these organizations to attract, engage, hire, and advance the right talent. Were passionate about helping companies build a diverse, winning workforce and about building our home team. We're dedicated to fostering an inclusive, purpose-driven, and innovative work environment where everyone belongs.

Responsibilities

• Assist in identifying and tracking information security risks, assessing their impact, and monitoring the execution of mitigation plans in alignment with established security policies and controls.
• Manage internal risk assessments.
• Support Sales and Customer Success by responding to security questionnaires and speaking to technical controls
• Track and report on GRC metrics, KPIs, and audit remediation activities
• Collaborate with Product, Development, Engineering, and Legal to embed securitypractices company-wide
• Assist in updating, maintaining and maturing security policies, awareness campaigns, and disaster recovery planningDevelop and define associated metrics to allow clear visibility into iCIMS governance, risk, and compliance status.
• Provide leadership and act as key stakeholder of regulatory and compliance initiatives (e.g. ISO 27001, SOC 2, GDPR, Tx-RAMP, etc.). Participate in associated audits as necessary.
• DevelopKey Performance Indicators (KPI) and Key Risk Indicators (KRI) toensure compliance-related controls are operating to an acceptable tolerance level.
• Strong understanding of security tools to support the execution of Security Control Assessments and evaluate control effectiveness.
• Lead security compliance efforts across ISO 27001, SOC 2, GDPR, and otherframeworks
• Develop and define associated metrics to allow clear visibility into iCIMS governance, risk, and compliance status.
• Provide strategic guidance and insights to strengthen and mature the Governance, Risk, and Compliance (GRC) program.

Qualifications

• 5+ years in GRC, risk, or information security roles
• Strong knowledge of frameworks like ISO 27001, NIST, SOC 2, GDPR, and risk assessment methodologies
• Knowledge of risk management processes and frameworks (e.g., methods for assessing and mitigating risk).
• Experience in SaaS environments and cloud platforms such as AWS or Azure
• Excellent communication skills, including comfort engaging with customers, executives, and auditors
• Demonstrated success driving compliance projects and risk management programs
• A self-starter with the demonstrated ability to take initiative, who can proactively identify issues/opportunities and recommend actions
• Demonstrated ability to advance and mature GRC programs through collaborationwith enterprise-level stakeholders.
• Familiar with and able to apply generally accepted security methods, concepts and techniques, including an understanding of networks, operating systems, cloud operations and associated technologies and services.
• Understanding of privacy standards, PII protection, and third-party risk management

Preferred

• Prior experience with cloud-based security tools, technologies, and controls (e.g., Amazon AWS, Azure, Google Cloud).
• CISSP, CISA, CRISC, CISM or similar security/GRC focused certifications.