Senior Specialist - Governance, Risk and Compliance

3 hours, 40 minutes ago
Mark43

Mark43 redefines public safety software with an integrated Records Management System and a cloud-based Computer Aided Dispatch System, empowering first responders with reliable information and setting industry standards for customer support.

Professional Services
251-1K
Founded 2012
$179M raised

Description

  • Develop, implement, and continuously improve security policies, procedures, and standards aligned to ISO 27001, HIPAA, GDPR, and related frameworks.
  • Maintain and enhance ISO 27001 certification through control oversight, evidence collection, internal audits, and external audit support.
  • Lead HIPAA readiness and compliance initiatives by translating regulatory requirements into scalable controls.
  • Support the evaluation and adoption of additional ISO frameworks as the business expands internationally.
  • Conduct risk assessments, identify risks, and develop mitigation strategies with Engineering, Product, IT, and Legal teams.
  • Manage control maturity initiatives and drive continuous improvement across GRC processes.
  • Respond to security questionnaires, customer due diligence requests, and third-party audits.
  • Evaluate cloud-hosted systems for compliance with standards covering architecture, monitoring, logging, and security configuration.
  • Manage exceptions and track remediation actions related to security controls.
  • Deliver training and awareness initiatives to strengthen security and compliance understanding across the organisation.

Requirements

  • 5 to 8 years of experience in a GRC role within a SaaS or technology environment operating in regulated industries.
  • Hands-on experience maintaining ISO 27001 certification, including control operation, internal audit coordination, corrective actions, and external audit support.
  • Direct experience supporting or leading HIPAA compliance initiatives.
  • Working knowledge of an ISO-aligned Information Security Management System, including risk registers, Statements of Applicability, control testing, continuous monitoring, and management review processes.
  • Strong understanding of risk management principles and experience conducting formal risk assessments.
  • Experience working cross-functionally with Engineering, IT, Security, Legal, and Operations teams to operationalise controls.
  • Ability to independently facilitate audits, risk assessments, and compliance initiatives with minimal oversight.
  • Strong communication skills to translate complex regulatory and audit requirements into clear guidance for technical and non-technical audiences.
  • Relevant certifications such as ISO 27001 Lead Auditor, CISA, CISM, or CRISC are a plus.
  • Must be authorized to work for any employer in the country where the role is hired; Mark43 cannot sponsor or take over visa sponsorship at this time.
