Sr. Governance Risk and Compliance Specialist

3+ months ago | Cary, NC


Kforce has a client in Cary, NC that is looking for a Senior Governance Risk and Compliance Specialist.

Summary:

This position is expected to lead and carry out any Risk Assessment activities for corporate GRC. Examples would be Corporate IT Risk Assessment (RA), Password Expiration RA, and many Gap Assessments to support ISO certification. They also assist with focused RAs done by other team members (PCI, HIPAA, SOC, etc.) and the GAAS Team. This contractor will learn the process, assist with the backlog and cover additional duties in this area. The candidate performs many risk and compliance projects to meet regulatory and customer demand. This requires building a solid GRC program to manage and track Risk and Compliance activities in a centralized and efficient manner that allows continuous monitoring and reporting. In order to best implement this program, we require someone to lead the design and implementation of the GRC platform, track compliance for the GRC Program, and work continuously to improve our GRC.

Responsibilities:

  • The Senior GRC Specialist, under limited supervision, will be responsible for supporting the IT Governance, Risk and Compliance Program
  • Will perform risk assessments, gap analysis and overall security controls guidance around security standards such as ISO 27001, National Institute of Standards and Technology (NIST 800-53), IRS 1075 and other security frameworks
  • They will lead efforts to design, implement, and manage IT GRC program requirements within the ServiceNow GRC platform
  • Will also perform Plan of Action and Milestone (POAM) activities to track remediation efforts, complete security risk tracking and reporting, and Information Technology audit preparation and response
  • Track POAM and risk remediation activities and provide relevant metrics to communicate status and awareness


  • Ideal candidate will have 8+ years of experience with a Bachelor's in a related field
  • CRISC, CRMA, or ServiceNow CIS-Risk and Compliance certifications preferred
  • Strong background in executing Risk Assessment and remediation activities
  • Strong understanding of IT Governance activities which support the organization's policies, standards, and procedures
  • Knowledge of regulatory standards and security frameworks: PCI, FISMA, NIST 800-53, HIPAA, ISO 27001/27002
  • Knowledge of risk assessment methodologies
  • Experience working with the ServiceNow GRC platform
  • Understanding of IT Security controls and best practice
  • Highly motivated individual with excellent organizational skills, detail oriented, with the ability to stay on top of a variety of commitments and deadlines; must be able to work independently and as a team to maintain workload and report on problems or progress in a timely manner
  • Strong time management skills (schedules, timelines, and task prioritization) and ability to work with minimal supervision or guidance
  • Experience with ServiceNow Issue Management Ticketing system
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Kforce is a professional staffing services firm offering Technology and Finance & Accounting jobs with top employers nationwide. We specialize in providing contract, contract-to-hire and direct placement opportunities, with over 50 years of experience in the staffing industry. Kforce offers many consultants comprehensive benefits depending on employment status, including medical, dental, 401(K), life insurance and disability. Our vision is to be "the firm most respected by those we serve."