CapTech

www.captechconsulting.com

1 Job

1,086 Employees

About the Company

CapTech is a technology consulting firm focused on defining and delivering what's next for organizations. We are strategic problem-solvers. At the heart of our approach is a deep understanding of the power of technology. We thrive on leveraging the latest innovations to overcome even the greatest of obstacles. See how at captechconsulting.com.

Listed Jobs

Company Name
CapTech
Job Title
Governance, Risk, and Compliance Specialist
Job Description
**Job title** Governance, Risk, and Compliance Specialist

**Role Summary** Execute third‑party risk assessments, manage security awareness training, support policy reviews, and assist with information security compliance initiatives within a consulting environment.

**Expectations**
- Perform technical risk evaluations and vendor due diligence aligned with SOC 2, NIST 800‑53, ISO 27001.
- Deliver actionable findings, recommendations, and KPIs to GRC leadership.
- Provide security training for new hires and maintain training materials.
- Collaborate on policy development and audit response.
- Manage tasks independently, communicate risks to non‑technical stakeholders, and seek guidance as needed.

**Key Responsibilities**
- Conduct third‑party risk assessments of tools, platforms, and services.
- Advise on risk response decisions based on SOC 2 and internal standards.
- Prepare and present assessment findings to GRC Lead and Information Security Head.
- Recommend improvements to vendor security posture.
- Document and propose information security enhancements balancing risk and business operations.
- Build security program content for corporate and cyber risk areas.
- Develop and track KPIs/KRIs for risk reporting and business insights.
- Deliver security training aligned with company policies.
- Assist in maintaining and reviewing ITGRC policies, standards, and procedures.
- Respond to client/partner security questionnaires.
- Collect evidence for external audits and internal reviews.
- Contribute to GRC engineering, automation, and workflow tasks.

**Required Skills**
- 1–3 years in Information Security, Risk, Compliance, or IT Audit.
- Proficiency with SOC 2, NIST 800‑53, ISO 27001 frameworks (prior SOC 2/NIST experience preferred).
- Understanding of AI governance risks and frameworks (NIST AI RMF, ISO 42001, AIUC‑1).
- Strong written and oral communication, especially risk translation for non‑technical audiences.
- Proficiency with Microsoft Office suite.
- Analytical, problem‑solving, and critical‑thinking abilities.
- Highly organized, self‑motivated, capable of independent work with guidance.
- Willingness to adopt AI tools for process automation.
- Interest or experience in GRC engineering and workflow automation.
- Vendor management or third‑party risk assessment experience preferred.

**Required Education & Certifications**
- Bachelor’s degree in Information Technology, Computer Science, Business, or related field (or equivalent experience).
- Current or attainable certifications: CGRC, CRISC, Security+, or equivalent.
- Additional relevant certifications acceptable.
Richmond, United States
Hybrid
Fresher
16-03-2026