Cyber Governance, Risk & Compliance (GRC) Specialist

TECHEAD
Richmond, VA Full Time
POSTED ON 6/29/2026
AVAILABLE BEFORE 7/26/2026

TECHEAD is celebrating over thirty-five years of incredible heritage, talent, and accomplishments! To learn more about TECHEAD, visit us at TECHEAD.com or on Glassdoor.


Cyber Governance, Risk & Compliance (GRC) Specialist | #22418

Full-time, Direct Hire

3x per week onsite in Richmond, VA


**NO C2C**


About the Company

Our client is a publicly traded financial services firm driven by a mission to unlock lasting value through disciplined, macro-informed stewardship of liquidity, leverage, and risk. Their core values center on delivering value, fostering curiosity, building trust, and practicing kindness. These values form the core of how we lead, invest, communicate, and serve our shareholders, employees, and community.

About the Job

Reporting directly to the Head of Cybersecurity & Infrastructure, the Cyber Governance, Risk & Compliance role will be accountable for the development and maintenance of the organization's Cyber Risk Management program.

Key Responsibilities

Cyber Risk Management Program

  • Define, design, and maintain cybersecurity controls to address enterprise technology and cyber risks.
  • Lead risk identification, assessment, and tracking activities, including maintenance of the risk register.
  • Develop and execute control testing and assurance processes to evaluate control effectiveness.

Cyber Third-Party Risk Management

  • Establish third-party cyber risk thresholds and tiering aligned to business criticality and data sensitivity.
  • Define and maintain standardized security questionnaires and assessment methodologies.
  • Oversee vendor risk assessments, onboarding, and ongoing monitoring of third-party access to systems and data.

Cyber Governance & Policy Framework

  • Develop and maintain cybersecurity policies, standards, and procedures aligned to regulatory requirements and industry frameworks.
  • Coordinate periodic policy reviews and updates to reflect evolving threats and business needs.
  • Partner with stakeholders across IT and business functions to ensure policy adoption and enforcement.

Audit, Compliance & Control Assurance

  • Support internal and external audits (e.g., SOX, regulatory exams) through control validation and evidence collection.
  • Manage audit findings, remediation tracking, and continuous control improvement.
  • Ensure consistent documentation and audit readiness across all cybersecurity and technology control domains.

AI Governance & Risk Management

  • Establish governance frameworks for AI and emerging technologies, including acceptable use and risk thresholds.
  • Define control requirements for model usage, data handling, and integration into business processes.
  • Oversee risk assessments and ongoing monitoring to ensure responsible, secure, and compliant use of AI.

Operational Execution & Frameworks

  • Operate using the established Entrepreneurial Operating System (EOS) framework to create organizational traction.
  • Work with leadership to establish and achieve measurable goals using scorecards and other performance tracking tools.
  • Identify and solve issues promptly using the Issues List and EOS structured problem-solving approach.
  • Follow core processes consistently to ensure smooth workflow and continuous improvement.

Collaboration & Culture

  • Foster strong, trust-based relationships with internal partners.
  • Operate as a collaborative team member who models open communication, active listening, and respect for diverse perspectives.
  • Lead with humility and curiosity, creating a safe space for dialogue, debate, and shared decision-making across teams.
  • Engage constructively with external partners and stakeholders, ensuring high standards of service, accountability, and ethical conduct.
  • Demonstrate the company's core values through consistent behaviors that reflect integrity, transparency, adaptability, and a commitment to shared success.
  • Promote a culture of inclusion and mutual respect, upholding a strictly collaborative, low-ego, high-performance environment.
  • Function seamlessly across the business with a low-ego, non-territorial mindset, to pursue the greater good for the enterprise.

Education & Certifications

  • Degree: Bachelor’s degree required; advanced degree (e.g., MBA) or relevant technical graduate degree preferred.
  • Certifications: Relevant professional certifications are desired/a plus, particularly CISSP, CISM, or CISA.

Professional Experience

  • 7 years of experience* within financial services or a highly regulated industry.
  • Proven experience operating under SEC/SOX standards, NIST standards, and resiliency objectives.
  • Demonstrated success in developing and managing cyber risk management programs, designing cybersecurity controls, and developing cyber policy.
  • Demonstrated knowledge of cybersecurity frameworks and control requirements, cyber policy standards, SOX Controls, and audit requirements.
  • Familiarity with AI and Large Language Model (LLM) functionality, capabilities, and risk profiles.
  • Track record of project and task ownership, strong communication skills, and operating within a high-performing team.




TECHEAD's mission is to make our associates successful by placing them in the right environment so they can grow and prosper. How we treat and respond to our clients and employees is a reflection of who we are and makes us stand out from the rest. Keeping our business focused on building and maintaining relationships with our employees and clients is the key to our success. We won't strive for anything less.


TECHEAD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

For more information on TECHEAD please visit www.techead.com.

No second parties will be accepted.


Salary: $165,000 - $225,000
