Nefco Corporation

GRC Specialist (governance, risk and compliance)

East Hartford, CT

About This Job

Description:

Summary: We are seeking a proactive, detail-oriented, and collaborative GRC (Governance, Risk, and Compliance) Specialist to join our cybersecurity team. This role plays a critical part in ensuring that our organization maintains strong compliance with evolving federal and state regulations while continuously improving our internal security policies, risk posture, and audit readiness.

Key Responsibilities:

Governance, Risk, and Compliance

•

Monitor, interpret, and track cybersecurity regulations at both the federal and state levels to assess impact on business operations.

•

Develop, update, and maintain cybersecurity policies and procedures that align with industry standards (e.g., NIST CSF, ISO 27001, CIS Controls, CMMC).

•

Collaborate across departments to ensure policies are implemented and understood throughout the organization.

•

Conduct internal audits and control assessments to evaluate effectiveness and adherence to policies.

•

Create and maintain a risk register, help identify and assess risks, assign ownership, and track mitigation efforts.

•

Support business impact assessments and assist in maintaining business continuity strategies.

Training & Awareness

•

Assist in designing and delivering cybersecurity training and awareness programs.

•

Track training metrics and ensure organization-wide compliance with awareness initiatives.

Frameworks & Certifications

•

Provide support in preparing for security certifications (e.g., SOC 2, ISO 27001, CMMC).

•

Coordinate with external auditors or assessors, gather evidence, and support audit processes.

Incident Response Compliance

•

Ensure incident response policies align with regulatory requirements.

•

Support post-incident reviews with a focus on documentation and lessons learned.

Third-Party & Vendor Risk

•

Coordinate third-party risk assessments to ensure vendors meet security and data protection standards.

•

Track compliance of vendors and service providers against contractual and regulatory obligations.

Metrics & Reporting

•

Develop and maintain dashboards or reports that measure compliance status, audit results, and risk posture.

•

Present findings and trends to the cybersecurity supervisor/director on a regular basis.

Requirements:

•

Bachelor's degree in information technology, cybersecurity, or a related field, or equivalent relevant experience

•

3+ years of experience in cybersecurity GRC, compliance, or related fields

•

Working knowledge of major security standards (NIST, ISO 27001, CIS, etc.)

•

Strong understanding of U.S. federal and state cybersecurity laws and data protection regulations

•

Experience writing and managing cybersecurity policies and procedures

•

Ability to conduct risk assessments, audits, and support certification efforts

•

Familiarity with GRC tools and platforms (e.g., OneTrust, Archer, ServiceNow GRC)

•

Excellent verbal and written communication skills; able to communicate with technical and non-technical stakeholders

•

Strong organizational, time management, and project coordination skills

Preferred Qualifications (Nice to Have):

•

Relevant certifications: Security+, CGRC, CISA, CRISC, or similar

•

Experience supporting SOC 2, ISO 27001, FedRAMP, ITAR or CMMC certification processes

•

Background in security awareness training or program development

Similar Jobs