**Job Title:** Cybersecurity Governance, Risk & Compliance (GRC) Specialist – Third Party Risk Management & Security Compliance

Remote Full-time
---



Join arenaflex as a Cybersecurity Governance, Risk & Compliance Specialist

Are you passionate about cybersecurity and ready to make a meaningful impact in a dynamic, innovative organization? arenaflex is seeking an experienced Governance, Risk, and Compliance (GRC) professional to join our cybersecurity team and help protect our organization from evolving digital threats while ensuring we meet the highest industry standards and regulatory requirements.

This is a unique opportunity to be part of a forward-thinking cybersecurity crew that combines cutting-edge technology with strategic risk management. As a GRC Specialist at arenaflex, you will play a critical role in guiding our governance activities, managing third-party risks, and ensuring the highest levels of security compliance across our operations. You'll work alongside talented cybersecurity professionals who are dedicated to formulating and implementing strategies that align with our business objectives while effectively managing risks and meeting industry standards.

About arenaflex

At arenaflex, we believe in the power of innovation and the importance of robust cybersecurity practices. Our Cybersecurity Crew consists of skilled professionals who formulate and implement techniques and recommendations to help the organization align with its business goals while managing risks properly and meeting industry guidelines and standards. We work with cutting-edge technology and pursue new innovations in cybersecurity to deliver excellence in everything we do.

Our team is committed to fostering a culture of security awareness, continuous improvement, and collaboration. We understand that in today's rapidly evolving digital landscape, having a strong GRC framework is essential for maintaining trust with our stakeholders and protecting our assets. When you join arenaflex, you become part of a community that values excellence, integrity, and innovation.

Position Overview

We are looking for a dedicated Cybersecurity GRC Specialist to manage our Third Party Risk Management (TPRM) program and support internal security compliance requirements. This role is crucial in ensuring that our organization's exposure to cyber risks through third-party relationships is properly identified, assessed, and mitigated. You'll be working with business stakeholders across the organization to conduct thorough due diligence assessments, analyze security controls, and develop remediation plans that address identified vulnerabilities.

The ideal candidate will have a strong background in governance, risk management, and compliance, with specific experience in third-party risk management and information security frameworks. You'll need to be comfortable working in a fast-paced environment, managing multiple priorities, and communicating effectively with both technical and non-technical stakeholders.

Key Responsibilities

Third Party Risk Management (TPRM)

Lead and support the organization's Third Party/Internal Risk Management program, ensuring comprehensive cyber risk due diligence examinations are conducted for all third-party relationships
Validate incoming third-party and internal risk assessment requests, working closely with business stakeholders to confirm request details and define the scope of engagement
Conduct kick-off meetings with business stakeholders and relevant third parties to establish assessment parameters and expectations
Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submitted questionnaires for completeness and accuracy
Analyze questionnaire responses and identify risks arising from the current design and operational effectiveness of internal/third party's security controls
Document responses, associated findings, and remediation plans in the organization's risk management systems
Draft and review comprehensive assessment reports for all checks performed, ensuring respective business stakeholders provide final reviews and approvals
Serve as a primary liaison to address queries related to risk control techniques and evaluations, responding to business units or third parties as required
Perform continuous monitoring of third parties through the organization's systems for current and new findings, tracking any findings to closure
Identify opportunities for improvement within the organization's systems and strategies
Work closely with risk leads and supervisors to schedule and execute a range of supporting activities related to the risk management program


Governance, Threat and Compliance

Lead and support the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with the organization's risk appetite
Maintain and document compliance with information security-related guidelines and processes through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments
Lead the development and delivery of compliance and risk education and ongoing communications that help build a culture of security and compliance
Stay current with regulatory changes, new guidelines, technology developments, and internal policy modifications to identify new key risk areas
Lead activities to maintain and guide ISO 27001 certification and other relevant security standards
Support the implementation of security frameworks and best practices across the organization
Participate in internal and external audits as required, providing documentation and evidence of compliance


Essential Qualifications & Experience


Education: Relevant bachelor's/master's degree from an accredited university or equivalent professional experience in cybersecurity, information technology, or a related field
Experience: Minimum of 4 years of experience in third-party risk management, information security, and audit and compliance tracking, with at least 2-3 years specifically in TPRM or internal audit roles
Industry Experience: Preferred experience working with large enterprises and/or recognized consulting firms
Technical Knowledge: Working understanding of information security best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and other relevant frameworks
Risk Management: Experience in the management of risk, controls, and compliance, with knowledge of risk assessment methodologies – both qualitative and quantitative approaches
Certifications (Preferred): One or more of the following: CISA, CRISC, ISO27001 Lead Implementer/Auditor, CISSP, or equivalent certifications
Technical Skills: Experience with AI/ML in cybersecurity is a plus


Competencies & Skills Required for Success

Technical Competencies

Strong understanding of information security principles, frameworks, and best practices
Proficiency in risk assessment methodologies and tools
Knowledge of regulatory requirements and compliance frameworks
Experience with GRC platforms and risk management systems
Ability to analyze complex security scenarios and develop practical recommendations
Strong documentation and report-writing skills


Professional Skills

Outstanding stakeholder management and relationship-building abilities
Excellent analytical and problem-solving skills with the ability to think critically
Strong presentation-making and delivery abilities
Exceptional communication skills, both verbal and written
Ability to navigate fast-paced environments and be flexible with working hours
Adaptability to changing conditions and ability to drive quality change


Personal Attributes

Strong interpersonal abilities with the capacity to work effectively with diverse teams
High level of integrity and commitment to ethical practices
Proactive approach to identifying risks and implementing solutions
Ability to work independently and as part of a collaborative team
Continuous improvement mindset with a passion for learning
Strong attention to detail and accuracy


Career Growth & Learning Opportunities

At arenaflex, we are committed to the professional development and growth of our team members. As a GRC Specialist, you will have access to numerous opportunities for career advancement and skill development:


Career Advancement: This role provides a solid foundation for progression into senior GRC positions, such as Risk Lead, Compliance Manager, or Chief Information Security Officer (CISO) roles
Professional Development: We support ongoing education and certification maintenance, providing resources and time for professional growth
Cross-Functional Exposure: You'll gain experience working with various business units and stakeholders, broadening your understanding of the organization
Industry Recognition: Work with leading security frameworks and standards, building expertise that is highly valued in the industry
Innovation Projects: Opportunities to participate in innovative cybersecurity initiatives and contribute to the evolution of our security program
Mentorship: Access to experienced professionals who can guide your career development


Work Environment & Culture

arenaflex offers a dynamic and inclusive work environment that values diversity and promotes work-life balance. Our culture is built on collaboration, innovation, and mutual respect. We understand that our employees are our most valuable asset, and we strive to create an environment where everyone can thrive.

As part of our team, you'll enjoy:

Flexible Work Arrangements: Remote work options and flexible scheduling to support work-life balance
Inclusive Culture: A welcoming environment where diverse perspectives are valued and celebrated
Team Collaboration: Opportunities to work with talented professionals across different departments and locations
Innovation Focus: Encouragement to propose new ideas and innovative solutions to challenges
Continuous Learning: Access to training resources, workshops, and professional development opportunities


Compensation & Benefits

arenaflex offers a competitive compensation package that recognizes your skills, experience, and contributions. Our benefits package includes:


Competitive Salary: Attractive annual salary commensurate with experience and qualifications
Health & Wellness: Comprehensive health insurance coverage, including medical, dental, and vision plans
Retirement Plans: 401(k) or equivalent retirement savings plan with company matching
Paid Time Off: Generous vacation, sick leave, and personal days
Professional Development: Support for certifications, training, and continuing education
Employee Assistance Program: Resources for personal and professional challenges
Work-Life Balance: Flexible work arrangements and supportive policies


Why Join arenaflex?

By joining arenaflex, you become part of an organization that values excellence, innovation, and integrity in cybersecurity. You'll have the opportunity to make a meaningful impact by helping to protect the organization from cyber threats while ensuring compliance with industry standards and regulations.

We are looking for a professional who shares our commitment to cybersecurity excellence and is excited about the opportunity to grow with our organization. If you have the skills, experience, and passion for governance, risk management, and compliance, we encourage you to apply and become part of our dedicated cybersecurity team.

This is more than just a job – it's a chance to build a rewarding career in cybersecurity while contributing to an organization that values its people and is committed to maintaining the highest standards of security and compliance.

How to Apply

If you are ready to take the next step in your career and join a team of dedicated cybersecurity professionals, we want to hear from you! Please submit your application today.

arenaflex is an equal opportunity employer committed to diversity and inclusion. We encourage candidates from all backgrounds to apply.

Note: This position offers flexible work arrangements, including remote work options. The specific details will be discussed during the interview process.

Apply now to join the arenaflex cybersecurity team and help us shape the future of security and compliance!






