GRC Senior Security Consultant

You will conduct risk assessments and threat modeling to identify and prioritize risks to our business and IT assets, using your extensive experience in security architecture design and implementation within a Service Provider environment to create a cutting-edge security architecture framework. You will also work to maintain policies, standards, and guidelines related to information security within our organization, collaborating with cross-functional teams to implement security controls and technologies such as encryption, authentication, and authorization solutions.

Your role will also involve conducting security reviews of vendors and third-party partners to ensure they meet our rigorous security standards, as well as performing regular security and risk reviews of our Service Provider environment to identify vulnerabilities and recommend remediation activities.

At the forefront of security trends and technologies, you will advise our senior leadership team on the latest security best practices, and stay ahead of emerging security threats, always keeping our organization one step ahead. Join us on this exciting journey of securing our Service Provider organization and protecting our customer's assets.

Responsibilities:

• Develop and maintain comprehensive GRC strategies, policies, and frameworks to support enterprise governance, risk mitigation, and regulatory compliance goals.
• Lead risk assessments, control evaluations, and compliance gap analyses across business units and third-party vendors.
• Monitor and interpret changes to applicable laws, regulations, and standards (e.g., SOX, GDPR, DORA, HIPAA, PCI-DSS, ISO 31000, COSO, NIST).
• Design and implement enterprise risk management (ERM) programs, including risk identification, scoring, tracking, and mitigation plans.
• Collaborate with internal audit, legal, and compliance teams to manage internal and external audits and ensure readiness.
• Establish and track key risk indicators (KRIs), control metrics, and risk treatment action plans.
• Provide subject matter expertise on governance structures and compliance reporting.
• Deliver executive-level presentations and dashboards to communicate risk posture, audit findings, and compliance trends.
• Build and maintain GRC tooling and platforms (e.g., Archer, ServiceNow GRC, MetricStream) to support automation and reporting.

Your Future at Kyndryl
Every position at Kyndryl offers a way forward to grow your career, from a Junior Architect to Principal Architect - we have opportunities for that you won't find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms.

Who You Are

You're good at what you do and possess the required experience to prove it. However, equally as important - you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused - someone who prioritizes customer success in their work. And finally, you're open and borderless - naturally inclusive in how you work with others.

Required Technical and Professional Expertise:

• Minimum of 10 years of experience in GRC, enterprise risk management, regulatory compliance, and audit within complex or regulated environments.
• Deep knowledge of risk and compliance frameworks and standards (e.g., ISO 31000, COSO ERM, NIST RMF, COBIT).
• Hands-on experience managing internal/external audits, compliance assessments, and enterprise risk registers.
• Demonstrated ability to interface with senior leadership and regulatory bodies.
• Strong project management, stakeholder engagement, and cross-functional collaboration skills.

Preferred Technical and Professional Experience:

• Relevant certifications such as CRISC, CISA, CISM, CGEIT, or CIA.
• Experience working in highly regulated industries such as finance, insurance, healthcare, or energy.
• Familiarity with GRC platforms such as RSA Archer, ServiceNow GRC, OneTrust, or similar.
• Bachelor's or Master's degree in Risk Management, Information Security, Compliance, or a related field.

Being You

Diversity is a whole lot more than what we look like or where we come from, it's how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we're not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you - and everyone next to you - the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That's the Kyndryl Way.

What You Can Expect

With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter - wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed.

Get Referred!

If you know someone that works at Kyndryl, when asked 'How Did You Hear About Us' during the application process, select 'Employee Referral' and enter your contact's Kyndryl email address.