Talascend is currently seeking a Cybersecurity Governance Risk And Compliance Specialist for a contract opportunity with our client in Bellevue, Washington (State) .

Overview

As a GRC Specialist, you will be responsible for ensuring cybersecurity strategies and policies are in compliance with industry regulations and mitigate risks to ensure data security.

Responsibilities

• Partner with Legal, Compliance, and Regulatory Affairs to manage overall compliance with internal policies, nuclear regulations (NIRMA, CFR), applicable law (HIPAA, GDPR), and information security industry standards (NIST, ISO/IEC).
• Develop, maintain, and enforce the organization's information security policies, processes, and procedures.
• Manage the company’s System Security Plan (SSP) in alignment with our security controls.
• Maintain the company’s cybersecurity Plan of Action and Milestones (POA&M) assigning risk values to the matrix to drive priority.
• Conduct and participate in internal and external audits for compliance with applicable laws, regulations, and industry standards.
• Develop and maintain an effective cybersecurity risk management program, including risk assessments, vulnerability assessments, and threat assessments.
• Assist in creating, maintaining and reporting of a corporate Risk Register for leadership review.
• Work with cross-functional teams to identify and assess security vulnerabilities and develop effective mitigation strategies.
• Ensure incident response policies, playbooks, and escalation procedures are in place.
• Contribute to development of information security awareness training to ensure all staff members are knowledgeable with the organization’s cybersecurity policies, procedures, and standards.

Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field.
• Minimum of 5 years of experience in cybersecurity governance, risk, and compliance roles.
• At least one industry certification (e.g., CISA, CISM, CGEIT, CRISC, CISSP, ISAAP, GRCP).

Requirements

• Knowledge of industry regulations and standards, such as NIRMA, Code of Federal Regulations (10 CFR Part 810), HIPAA, FedRamp, CMMC, GDPR, NIST Cybersecurity Framework (especially 800-53 and 800-171), ISO 27001, etc.
• Proven track record of coordinating with external auditors and participating in compliance audits.
• Strong analytical, critical-thinking, and problem-solving skills, with the ability to identify and assess risks and develop effective mitigation strategies.
• Excellent communication skills, both verbal and written, with the ability to communicate complex cybersecurity concepts to technical and non-technical audiences.
• Willing to share knowledge and assist others in understanding technical and business topics.
• Strong project management skills, with the ability to manage multiple projects simultaneously and meet tight deadlines.
• Familiarity with security assessment tools and techniques, such as vulnerability scanning and penetration testing.
• Self-motivated, constructive and positive attitude.
• The successful candidate will possess a high degree of trust and integrity, communicate openly and display respect and a desire to foster teamwork.
• Experience effectively managing security controls in hybrid (Cloud & on-prem) environments.
• Experience working in a heavily regulated industry.
• Project management experience is preferred.
• Travel required: 0-5%

Shift

Remote eligible, with preference for candidates willing to work onsite at our corporate headquarters in Bellevue, WA.

We thank all applicants for their interest. However, only those qualified individuals who closely meet the qualifications of the position will be contacted. The details of the position are only a summary, other duties may be assigned as necessary.

Background Check and Drug Screen may be required.