Job Description

Lawrence Harvey is partnered with a SaaS start-up looking to build up their GRC program in New York City. We are seeking a Security GRC Specialist to drive the evolution and scaling of a governance, risk, and compliance program with a heavy focus on automation and cross-functional collaboration. This role provides significant ownership, working closely with leadership to align compliance efforts with business goals, while reducing manual work through tooling and process innovation.

Core Responsibilities:

Policy & Compliance Automation:

• Design, implement, and optimize compliance processes using automation to support audit-readiness and continuous monitoring.

Documentation & Framework Management:

• Draft, maintain, and enhance internal policies, procedures, standards, and guidelines in accordance with evolving regulatory and security frameworks (SOC 1/2, ISO 27001, HIPAA, GDPR, NIST, CCPA, CSA STAR).

Risk & Vendor Management:

• Conduct formal risk assessments across internal applications, third-party vendors, and partner integrations, with a focus on protecting sensitive data and minimizing business risk.

Tooling & Technical Enablement:

• Evaluate and deploy GRC-related technologies such as evidence collection platforms, control monitoring solutions, and identity governance tools

Strategic Compliance Enablement:

• Promote compliance as a value-add function, enabling growth and customer trust through sound risk and privacy practices.

Required Skills & Experience:

• 6-7+ years directly in Security, GRC or related experience
• Solid understanding of major compliance frameworks: SOC1/2, HIPAA, ISO 27001, GDPR, CCPA, NIST
• Experience with cloud-native and SaaS environments - AWS, GCP or Azure experience is preferable
• Proven ability to drive process automation and tooling integration to reduce repetitive work
• Effective written and verbal communicator, capable of translating complex regulatory requirements into business-friendly guidance
• Hands-on experience with GRC tools
• Familiarity with scripting languages (e.g., Python) is a plus
• Exposure to global privacy frameworks and previous experience in cybersecurity roles is beneficial

Job Tags

Similar Jobs