Miovision - Sr. GRC Specialist
Responsibilities
• Risk & Control Mastery: Identify, assess, document, and track enterprise, cybersecurity, product, and third-party risks within Miovision's risk register.
• Framework Champion: Execute daily GRC activities and maintain risk scoring, treatment plans, and evidence aligned with our Unified Risk Management Framework (ISO 27001, SOC 2, NIST, FAIR).
• Workflow Navigation: Track risk remediation and champion exception, deviation, and risk acceptance workflows, ensuring everything aligns with our defined risk appetite and business justifications.
• Audit Ace: Act as a central pillar during internal assessments and external audits, coordinating with internal control owners to collect, validate, and maintain rock-solid audit evidence.
• Customer Assurance: Expertly field and prepare accurate, consistent responses for customer security questionnaires, RFPs, and due-diligence requests.
• Policy & Playbook Architect: Support policy lifecycle activities, map controls across multiple frameworks to reduce duplication, and assist in building repeatable audit playbooks.
• Cross-Functional Catalyst: Partner closely with Engineering, Cloud Ops, IT, and Product to seamlessly embed risk controls into product development, cloud operations, and vendor onboarding.
• Culture Builder: Drive risk awareness, deliver security training, participate in cross-functional risk forums, and act as the vital bridge translating cybersecurity requirements to the broader business.
• Emerging Leader: Take the reins on key GRC program components (like third-party risk or control testing), mentor junior analysts, drive process automation, and shadow the GRC Manager on executive reporting and strategic initiatives.
The Ideal Profile
• The Experience: You bring extensive, hands-on experience in GRC, cyber risk, compliance, audit, or information security roles.
• The Toolbelt: You are highly proficient with modern GRC platforms and compliance management tools.
• The Frameworks: You possess a strong working knowledge of at least three (3) of the heavy hitters: ISO 27001, SOC 2, NIST (CSF / RMF / 800-53), FedRAMP, FAIR, or COSO enterprise risk concepts.
• The Builder: You have a proven track record of building and operating robust risk registers, control frameworks, and reporting mechanisms.
• The Translator: You have the highly sought-after ability to translate dense, technical risks into clear, actionable business impacts.
• The Environment: You thrive in SaaS, cloud, or critical-infrastructure-adjacent environments (this is strongly preferred!).
• The Communicator: You communicate effortlessly with everyone from strict external auditors to deep-in-the-weeds engineers and non-technical stakeholders.
• The Analytical Mind: You boast an incredibly analytical mindset with razor-sharp attention to detail, accuracy, and critical problem-solving skills.
• The Public Sector Bonus: You have valuable exposure to public-sector or highly regulated customer requirements (such as federal, state, municipal, or transportation agencies).
Benefits
We invest in our team with benefits designed for modern life and true work-life balance.
• Comprehensive Coverage: Your well-being is covered from day one with comprehensive health benefits, 24/7 virtual healthcare access, and dedicated wellness programs.
• Financial Future: Build for tomorrow with our RRSP/401K Matching Plan and share in the company's success through our Variable Incentive Plan.
• Time to Recharge: Truly unplug with our unique Mio-Days and flexible vacation policy.
• Work & Life Support: We support you with flexible work options, an internet subsidy, a remote work allowance, and enhanced leave for new parents.
Sound like your next adventure? Apply now and let's start building together!