Mark43 - Senior Specialist- Governance, Risk and Compliance

• What you can expect to work on • Develop, implement, and continuously improve security policies, procedures, and standards to ensure compliance with ISO 27001, HIPAA, GDPR, and other applicable frameworks. • Maintain and enhance our ISO 27001 certification, including control oversight, evidence collection, internal audits, and external audit support. • Lead HIPAA readiness and compliance initiatives, translating regulatory requirements into practical, scalable controls. • Support the evaluation and adoption of additional ISO frameworks as the business grows internationally. • Conduct risk assessments, identify potential risks, and develop mitigation strategies in partnership with Engineering, Product, IT, and Legal teams. • Manage control maturity initiatives and drive continuous process improvement across GRC activities. • Respond to security questionnaires, customer due diligence requests, and third party audits with clarity and efficiency. • Evaluate systems and cloud hosted environments for compliance with published standards, including architecture, monitoring, logging, and security configuration requirements. • Manage exceptions and track remediation activities related to security controls. • Five to eight years of experience in a GRC role within a SaaS or technology environment operating in regulated industries. • Demonstrated hands on experience maintaining ISO 27001 certification, including ownership of control operation, internal audit coordination, corrective actions, and external audit support. • Direct experience supporting or leading HIPAA compliance initiatives, including translating regulatory requirements into operational controls and partnering with technical teams to implement safeguards. • Strong working knowledge of operating within an ISO aligned Information Security Management System, including risk registers, Statements of Applicability, control testing, continuous monitoring, and management review processes. • Deep understanding of risk management principles and practical experience conducting formal risk assessments. • Experience working cross functionally with Engineering, IT, Security, Legal, and Operations teams to operationalise controls without creating unnecessary friction. • Ability to independently facilitate audits, risk assessments, and compliance initiatives, managing timelines, stakeholders, and follow ups with minimal oversight. • Strong communication skills, with the ability to translate complex regulatory and audit requirements into clear, actionable guidance for both technical and non technical audiences. • Relevant certifications such as ISO 27001 Lead Auditor, CISA, CISM, CRISC, or similar are a plus. • People who thrive on our team also tend to share the following characteristics: • Humble, open, and curious. • Attentive, active listeners. You are interested in what others have to say and illustrate your interest with your actions. • Resilience. You do not shy away from challenging work, and you proactively help your team solve problems. • Enthusiastic collaborators. You understand that the best outcomes are achieved through shared ownership and seek to spread knowledge and expand participation rather than restrict it. • Comfortable with uncertainty. You know that sometimes problems and situations can’t be simplified or fully understood and are at ease working within this type of haziness. • Passionate about personal growth. You view mistakes as opportunities for learning, and want to grow as a designer, colleague, and person. • Eager to help others. You look for ways to provide support for more junior members of the team and develop cooperative working relationships. • Our Privacy Notice describes how Mark43 uses and protects the personal information of prospective employees during the recruitment process. It informs you about our handling of the personal information you provide to us when you apply for a position in our organization and in general when you express your interest in joining our team. • As a part of Mark43's security measures all employees must: Engage in appropriate use of the company's electronic information resources; Become knowledgeable about and follow relevant security policies and guidelines; Protect the resources under their control, such as passwords, computers, and data that they create, receive, or download; and Promptly report security-related incidents and violations, and responding to official reports of security incidents involving their systems or accounts.