Cyber Security Specialist (Governance, Risk & Compliance) - W2 only

Remote, USA
Posted Jun 15, 2026
Full-time

One of our clients is looking for a Security Contracts/Regulations & Third-Party Security Specialist to support their enterprise Cybersecurity Governance, Risk & Compliance team.

Role: Security Specialist (Vendor, Compliance, GRC) - W2 only

- Duration: Six months

- Location: Remote

Key Responsibilities:

- Security Contracts: Analyze third-party modifications to the Data Security Addendum (DSA), propose alternative language, and negotiate terms alongside GIS leadership and legal teams.

- Security Regulations: Research and map international cybersecurity regulations to corporate policies; identify misalignments and monitor the global threat landscape.

- Third-Party Security: Conduct vendor security assessments, identify non-compliance issues, and engage vendor leadership to negotiate risk resolutions.

Core Requirements:

- 7+ years of experience in security contract negotiations and third-party assessments within large global financial organizations.

- Deep knowledge of NIST CSF, ISO 27001, FFIEC, and SEC Regulation S-P.

- Expertise using Standard Information Gathering Questionnaires (SIG) and evaluating SOC reports.

- Experience with eGRC platforms such as MetricStream, RSA Archer, or OneTrust.

- Bachelor’s degree in a technical field; CISSP, CISA, CISM, or CRISC certifications are preferred.

- Exceptional executive presence and the ability to communicate complex security topics to senior leadership.
