Cybersecurity GRC (Governance, Risk & Compliance) SpecialistNew

The Brattle Group, a privately held, global economics consulting firm, is looking for a Cybersecurity GRC (Governance, Risk & Compliance) Specialist to join our Boston, MA office. The Cybersecurity GRC Specialist is responsible for working with the Manager of Cybersecurity to implement and manage the firm’s Governance, Risk, and Compliance framework. The role focuses on aligning policies and controls with industry regulations, performing risk assessments, supporting compliance audits, and promoting a culture of accountability and ethical conduct.

Some of the day-to-day responsibilities of this role include:

- Develop and maintain internal policies and procedures that support compliance with industry regulations (e.g., ISO 27001, NIST, SOC 2, GDPR), including maintaining POA&Ms and ATU artifacts

- Perform regular risk assessments and update the firm’s risk register.

- Collaborate with IT and Legal teams to address risks and control deficiencies.

- Monitor regulatory changes and evaluate their impact on firm operations.

- Provide support during internal and external audits, including evidence gathering.

- Lead or support compliance training sessions and awareness campaigns for staff.

- Lead initiatives for compliance automation, continuous control monitoring, and process optimization.

- Maintain third-party risk management documentation and review vendor contracts for compliance implications.

- Lead external annual external penetration and vulnerability testing and analysis.

- Update and manage governance documents, risk management policies, and compliance tracking logs.

- Maintain audit trail documentation for regulatory and internal control requirements.

- Contribute to annual compliance reports and board-level risk summaries.

THE CANDIDATE

- Bachelor’s degree in Business, Law, Information Systems, or a related field

- 3–5 years of experience in GRC, internal audit, compliance, or risk management

- Familiarity with GRC platforms (e.g., ServiceNow GRC, Archer, LogicGate)

- Working knowledge of risk assessment methodologies and control frameworks

- Understanding of privacy laws and data protection requirements

- One or more certifications such as CRISC, CISA, CIPP, CISSP, or CISM

- Experience conducting control testing and compliance audits

- Ability to interpret legal and regulatory texts into business requirements

Brattle offers a competitive benefits package, base salary, and bonus program for eligible roles based on individual and firm performance. The anticipated base gross salary range for this position in [CITY] is $105,000–$115,000 annually. Actual salary will depend on a variety of factors, including experience and training.

This position is not eligible for immigration sponsorship.

THE EMPLOYER

The Brattle Group answers complex economic, finance, and regulatory questions for corporations, law firms, and governments around the world. We are distinguished by the clarity of our insights and the credibility of our experts, which include leading international academics and industry specialists. Brattle has 500 talented professionals across North America, Europe, and Asia-Pacific. For more information, please visit brattle.com.

EQUAL OPPORTUNITY

The Brattle Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, citizenship status, national origin, ancestry, sex, gender identity and expression, age, height, weight, domestic partner status, Acquired Immune Deficiency Syndrome or HIV status (AIDS/HIV status), genetic information, sexual orientation, disability (where the applicant or employee is qualified to perform the essential functions of the job with or without reasonable accommodation), marital status, veteran status, political affiliation, drug or alcohol abuse or alcoholism, or any other characteristic protected under applicable law.