GRC Compliance Specialist

Marcum LLP

Marcum LLP offers a great career with exceptional benefits.
There's a lot to think about when it comes to launching your career. At Marcum, we offer you a world of opportunity, a highly competitive salary, exceptional benefits, flexible work options, and industry-leading technology, all within an environment that values your contributions and supports your professional growth.
At Marcum, eligible associates receive a benefits package that includes health, dental, and vision insurance, short and long-term disability insurance, life insurance, flexible spending accounts, and transit benefits, as well as paid time off, a 401(k) plan with an employer contribution, and a profit sharing plan.
Marcum LLP is seeking a GRC Compliance Specialist to join our Governance, Risk and Compliance (GRC) team in the internal IT department and be part of the Vendor Management (VM) GRC program. The GRC Compliance Specialist must have at least 5 years of experience in building and assessing vendor risk, reviewing questionnaires, and asking security-related questions based on the responses provided by the vendor.
Visa Sponsorship is not available for this job opportunity.
The Governance, Risk, and Compliance (GRC) Specialist is a key role within the organization, responsible for developing, implementing, and maintaining policies and procedures that ensure the company adheres to industry standards. The GRC Specialist will collaborate with various departments to ensure that compliance is integrated into all aspects of the company's operations, thereby enhancing the overall governance framework. Additionally, the specialist will facilitate audits and assessments, manage compliance documentation, and provide training and support to ensure that all staff understand and can effectively apply GRC principles.
Position Summary: The GRC Specialist is responsible for assessing, managing, and mitigating risks associated with third-party vendors and service providers, and for implementing security best practices, policies, and controls through a repeatable process. This role involves conducting thorough security evaluations of potential and existing vendors, running regular security awareness trainings and phishing campaigns, designing and implementing KPIs and KRIs, and enhancing our internal policies and procedures.
Requirements:
Minimum of 5 years of experience in information security, with a focus on third-party/vendor risk management.
Strong understanding of information security principles, frameworks and attestation reports (e.g., NIST, ISO 27001, SOC 2 Type 2), and regulations (e.g., GDPR, HIPAA).
Experience with risk assessment methodologies and tools.
Excellent analytical and critical thinking skills, with the ability to manage complex projects.
Proficient communication skills, both written and verbal, with the ability to explain technical concepts to non-technical stakeholders.
Detail-oriented with strong organizational skills.
Ability to work independently as well as collaboratively within a team environment.
Bachelor's degree in Information Technology, Cybersecurity, or a related field; or equivalent work experience.
Preferred Requirements:
Relevant professional certifications, such as CISM, CRISC, or CISA.
Job Responsibilities:
Enhance existing security policies, controls, and procedures, and conduct annual certifications.
Assist in operationalizing the GRC tool and identify areas for improvement.
Develop and maintain a vendor risk management framework and supporting documentation.
Conduct detailed risk assessments and identify potential security risks associated with third-party vendors by reviewing and analyzing their security policies, controls, and procedures.
Get to know the business side by meeting with business owners and vendors, while identifying opportunities to make vendor management easier.
Collaborate with legal, and other departments to ensure that security requ