
Job Description

Position Overview:

We are seeking a seasoned Policies and Standards Authoring Expert to lead the creation, revision, and governance of enterprise-wide Information Security and GRC-related documentation.

This role demands a deep understanding of cybersecurity frameworks, regulatory compliance obligations, and IT governance models across multiple geographies.

The ideal candidate will bring 7-10 years of hands-on GRC experience, with demonstrated expertise in developing policies, standards, procedures, and guidelines that align with industry best practices and organizational risk tolerance.

Key Responsibilities:

- Author, review, and maintain a comprehensive library of information security, privacy, and IT governance policies and standards.

- Ensure all documentation aligns with leading frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, PCI DSS, HIPAA, DORA, and GDPR.

- Collaborate with legal, risk, privacy, audit, IT, and business teams to ensure policies are fit-for-purpose, legally defensible, and practically enforceable.

- Maintain a robust policy lifecycle governance process, including version control, approvals, and periodic review schedules.

- Develop accompanying procedures and guidelines to support policy adoption and operational integration.

- Lead internal reviews and gap assessments to benchmark policies against evolving regulatory or contractual requirements.

- Serve as subject matter expert on policy-related inquiries from internal stakeholders, regulators, and auditors.

Required Qualifications:

- 7-10 years of experience in Governance, Risk & Compliance (GRC), with a strong focus on policy and standards development.

- In-depth understanding of security and privacy regulatory frameworks, including but not limited to NIST, ISO, SOX, GDPR, HIPAA, and PCI DSS.

- Demonstrated expertise in writing formal governance documents for global or multinational enterprises.

- Excellent written communication skills, with proven ability to translate complex technical and legal content into clear, accessible policy language.

- Experience in policy management tools or document governance platforms (e.g., ServiceNow GRC, Archer, or SharePoint).

- Familiarity with organizational policy governance structures, risk ownership models, and compliance assurance practices.

Preferred Qualifications:

- Certifications such as CISA, CISM, CGEIT, CISSP, CRISC, or equivalent.

- Experience supporting regulatory audits or internal/external assessments related to policy compliance.

- Knowledge of cross-border regulatory differences between the US, UK, Canada, and the EU.

- Experience integrating policy frameworks with third-party risk, privacy, or secure software development standards.

Key Competencies:

- Precision-focused communicator with mastery in formal policy writing and editorial standards.

- Risk-aware strategist who understands how to balance security, compliance, and business flexibility.

- Strong collaboration and influence skills, able to align diverse stakeholder groups behind clear policy requirements.

- Highly organized and methodical, with a structured approach to policy lifecycle management and control mapping.

- Adaptive to regulatory change and evolving threat landscapes, with a mindset for continuous improvement.
