**Job Title:** Cybersecurity Governance, Risk & Compliance (GRC) Specialist – Third Party Risk Management & Security Compliance

Posted 2026-05-05
Remote, USA | Full-time | Immediate Start



Join arenaflex as a Cybersecurity Governance, Risk & Compliance Specialist

Are you passionate about cybersecurity and ready to make a meaningful impact in a dynamic, innovative organization? arenaflex is seeking an experienced Governance, Risk, and Compliance (GRC) professional to join our cybersecurity team and help protect our organization from evolving digital threats while ensuring we meet the highest industry standards and regulatory requirements.

This is a unique opportunity to be part of a forward-thinking cybersecurity crew that combines cutting-edge technology with strategic risk management. As a GRC Specialist at arenaflex, you will play a critical role in guiding our governance activities, managing third-party risks, and ensuring the highest levels of security compliance across our operations. You'll work alongside talented cybersecurity professionals who are dedicated to formulating and implementing strategies that align with our business objectives while effectively managing risks and meeting industry standards.

About arenaflex

At arenaflex, we believe in the power of innovation and the importance of robust cybersecurity practices. Our Cybersecurity Crew consists of skilled professionals who formulate and implement strategies and recommendations that help the organization align with its business goals while managing risks properly and meeting industry guidelines and standards. We work with cutting-edge technology and toward new innovations in cybersecurity to deliver excellence in everything we do.

Our team is committed to fostering a culture of security awareness, continuous improvement, and collaboration. We understand that in today's rapidly evolving digital landscape, having a strong GRC framework is essential for maintaining trust with our stakeholders and protecting our assets. When you join arenaflex, you become part of a community that values excellence, integrity, and innovation.

Position Overview

We are looking for a dedicated Cybersecurity GRC Specialist to manage our Third Party Risk Management (TPRM) program and support internal security compliance requirements. This role is crucial in ensuring that our organization's exposure to cyber risks through third-party relationships is properly identified, assessed, and mitigated. You'll be working with business stakeholders across the organization to conduct thorough due diligence assessments, analyze security controls, and develop remediation plans that address identified vulnerabilities.

The ideal candidate will have a strong background in governance, risk management, and compliance, with specific experience in third-party risk management and information security frameworks. You'll need to be comfortable working in a fast-paced environment, managing multiple priorities, and communicating effectively with both technical and non-technical stakeholders.

Key Responsibilities

Third Party Risk Management (TPRM)



  • Lead and support the organization's Third Party/Internal Risk Management program, ensuring comprehensive cyber risk due diligence examinations are conducted for all third-party relationships

  • Validate incoming third-party and internal risk assessment requests, working closely with business stakeholders to confirm request details and define the scope of engagement

  • Conduct kick-off meetings with business stakeholders and relevant third parties to establish assessment parameters and expectations

  • Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submitted questionnaires for completeness and accuracy

  • Analyze questionnaire responses and identify risks arising from the current design and operational effectiveness of internal or third-party security controls

  • Document responses, associated findings, and remediation plans in the organization's risk management systems

  • Draft and review comprehensive assessment reports for all checks performed, ensuring respective business stakeholders provide final reviews and approvals

  • Serve as a primary liaison to address queries related to risk control techniques and evaluations, responding to business units or third parties as required

  • Perform continuous monitoring of third parties through the organization's systems for current and new findings, tracking any findings to closure

  • Identify opportunities for improvement within the organization's systems and strategies

  • Work closely with risk leads and supervisors to schedule and execute a range of supporting activities related to the risk management program

Governance, Threat and Compliance



  • Lead and support the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with the organization's risk appetite

  • Maintain and document compliance with information security-related guidelines and processes through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments

  • Lead the development and delivery of compliance and risk education and ongoing communications that help build a culture of security and compliance

  • Stay current with regulatory changes, new guidelines, technology developments, and internal policy modifications to identify new key risk areas

  • Lead activities to maintain and guide ISO 27001 certification and other relevant security standards

  • Support the implementation of security frameworks and best practices across the organization

  • Participate in internal and external audits as required, providing documentation and evidence of compliance

Essential Qualifications & Experience


  • Education: Relevant bachelor's/master's degree from an accredited university or equivalent professional experience in cybersecurity, information technology, or a related field

  • Experience: Minimum of 4 years of experience in third-party risk management, information security, and audit and compliance tracking, with at least 2-3 years specifically in TPRM or internal audit roles

  • Industry Experience: Preferred experience working with large enterprises and/or recognized consulting firms

  • Technical Knowledge: Working understanding of information security best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and other relevant frameworks

  • Risk Management: Experience in the management of risk, controls, and compliance, with knowledge of risk assessment methodologies – both qualitative and quantitative approaches

  • Certifications (Preferred): One or more of the following: CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CISSP, or equivalent certifications

  • Technical Skills: Experience with AI/ML in cybersecurity is a plus

Competencies & Skills Required for Success

Technical Competencies



  • Strong understanding of information security principles, frameworks, and best practices

  • Proficiency in risk assessment methodologies and tools

  • Knowledge of regulatory requirements and compliance frameworks

  • Experience with GRC platforms and risk management systems

  • Ability to analyze complex security scenarios and develop practical recommendations

  • Strong documentation and report-writing skills

Professional Skills



  • Outstanding stakeholder management and relationship-building abilities

  • Excellent analytical and problem-solving skills with the ability to think critically

  • Strong presentation-making and delivery abilities

  • Exceptional communication skills, both verbal and written

  • Ability to navigate fast-paced environments and be flexible with working hours

  • Adaptability to changing conditions and ability to drive quality change

Personal Attributes



  • Strong interpersonal abilities with the capacity to work effectively with diverse teams

  • High level of integrity and commitment to ethical practices

  • Proactive approach to identifying risks and implementing solutions

  • Ability to work independently and as part of a collaborative team

  • Continuous improvement mindset with a passion for learning

  • Strong attention to detail and accuracy

Career Growth & Learning Opportunities

At arenaflex, we are committed to the professional development and growth of our team members. As a GRC Specialist, you will have access to numerous opportunities for career advancement and skill development:


  • Career Advancement: This role provides a solid foundation for progression into senior GRC positions, such as Risk Lead, Compliance Manager, or Chief Information Security Officer (CISO) roles

  • Professional Development: We support ongoing education and certification maintenance, providing resources and time for professional growth

  • Cross-Functional Exposure: You'll gain experience working with various business units and stakeholders, broadening your understanding of the organization

  • Industry Recognition: Work with leading security frameworks and standards, building expertise that is highly valued in the industry

  • Innovation Projects: Opportunities to participate in innovative cybersecurity initiatives and contribute to the evolution of our security program

  • Mentorship: Access to experienced professionals who can guide your career development

Work Environment & Culture

arenaflex offers a dynamic and inclusive work environment that values diversity and promotes work-life balance. Our culture is built on collaboration, innovation, and mutual respect. We understand that our employees are our most valuable asset, and we strive to create an environment where everyone can thrive.

As part of our team, you'll enjoy:



  • Flexible Work Arrangements: Remote work options and flexible scheduling to support work-life balance

  • Inclusive Culture: A welcoming environment where diverse perspectives are valued and celebrated

  • Team Collaboration: Opportunities to work with talented professionals across different departments and locations

  • Innovation Focus: Encouragement to propose new ideas and innovative solutions to challenges

  • Continuous Learning: Access to training resources, workshops, and professional development opportunities

Compensation & Benefits

arenaflex offers a competitive compensation package that recognizes your skills, experience, and contributions. Our benefits package includes:


  • Competitive Salary: Attractive annual salary commensurate with experience and qualifications

  • Health & Wellness: Comprehensive health insurance coverage, including medical, dental, and vision plans

  • Retirement Plans: 401(k) or equivalent retirement savings plan with company matching

  • Paid Time Off: Generous vacation, sick leave, and personal days

  • Professional Development: Support for certifications, training, and continuing education

  • Employee Assistance Program: Resources for personal and professional challenges

  • Work-Life Balance: Flexible work arrangements and supportive policies

Why Join arenaflex?

By joining arenaflex, you become part of an organization that values excellence, innovation, and integrity in cybersecurity. You'll have the opportunity to make a meaningful impact by helping to protect the organization from cyber threats while ensuring compliance with industry standards and regulations.

We are looking for a professional who shares our commitment to cybersecurity excellence and is excited about the opportunity to grow with our organization. If you have the skills, experience, and passion for governance, risk management, and compliance, we encourage you to apply and become part of our dedicated cybersecurity team.

This is more than just a job – it's a chance to build a rewarding career in cybersecurity while contributing to an organization that values its people and is committed to maintaining the highest standards of security and compliance.

How to Apply

If you are ready to take the next step in your career and join a team of dedicated cybersecurity professionals, we want to hear from you! Please submit your application today.

arenaflex is an equal opportunity employer committed to diversity and inclusion. We encourage candidates from all backgrounds to apply.

Note: This position offers flexible work arrangements, including remote work options. The specific details will be discussed during the interview process.

Apply now to join the arenaflex cybersecurity team and help us shape the future of security and compliance!


