Sr Governance, Risk and Compliance Specialist (6 mo contract)

Job Locations US-NC-Cary HQ

**6 month contract only**




The Sr Governance, Risk and Compliance (GRC) Specialist will be responsible for supporting the IT Governance, Risk and Compliance Program. They will perform risk assessments, gap analysis and overall security controls guidance around security standards such as ISO 27001, National Institute of Standards and Technology (NIST 800-53), IRS 1075 and other security frameworks. They will lead efforts to design, implement, and manage IT GRC program requirements within the ServiceNow GRC platform. The Sr GRC Specialist will also perform Plan of Action and Milestone (POAM) activities to track remediation efforts, complete security risk tracking and reporting, and Information Technology audit preparation and response.

The ideal candidate will be a self-starter with an inquisitive, analytical mind that constantly looks for solutions to difficult problems. This person must be able to convey technology and security concepts to management and ideally has technical knowledge and/or experience in security, proficiency in a risk management framework, and the ability to assess administrative and technical controls.

A successful candidate must be driven and goal-oriented with the ability to complete tasks with limited supervision within an evolving and entrepreneurial environment. The Sr. GRC Specialist will work with other departments throughout SAS and must be detail-oriented to successfully manage multiple projects at the same time.


  • Lead Information Security Risk Assessment and gap analysis activities.
  • Track POAM and risk remediation activities and provide relevant metrics to communicate status and awareness.
  • Facilitate analysis, documentation and training of remediation actions in response to audit and assessment findings.
  • Serve as subject matter expert and lead efforts to utilize the ServiceNow GRC platform to support the IT GRC Program.
  • Contribute to the strategy, implementation and continuous improvement of the IT GRC Program.
  • Work proactively with the GRC Team to implement and manage regulatory and compliance program requirements in the GRC platform.
  • Cultivate relationships with other SAS Divisions such as Information Security, R&D, Audit and Compliance, and business stakeholders to strengthen security governance and risk management.
  • Socialize and manage the awareness and adoption of IT GRC processes.
  • Must have the ability to work with little supervision, escalating issues as appropriate.
  • Create and help administer security training programs and practices.
  • Perform other duties as assigned.


  • 8+ years of experience in Information Security and Compliance, IT Risk Management, and securing IT systems.
  • Bachelor’s degree in a related field, preferably Computer Science, Information Technology or Cybersecurity.
  • CRISC, CRMA, or ServiceNow CIS-Risk and Compliance certifications preferred.
  • Strong background in executing Risk Assessment and remediation activities.
  • Strong understanding of IT Governance activities which support the organization's policies, standards, and procedures.
  • Knowledge of regulatory standards and security frameworks: PCI, FISMA, NIST 800-53, HIPAA, ISO 27001/27002.
  • Knowledge of risk assessment methodologies and practices.
  • Experience working with the ServiceNow GRC platform.
  • Understanding of IT Security controls and best practice.
  • Experience with the ServiceNow issue management ticketing system.

Knowledge, Skills and Abilities Preferred:


  • Highly motivated individual with excellent organizational skills, detail oriented, with the ability to stay on top of a variety of commitments and deadlines.
  • Ability to work independently and as part of a team to maintain workload and report on problems or progress in a timely manner.
  • Strong time management skills (schedules, timelines, and task prioritization) and ability to work with minimal supervision or guidance.
  • The ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity.



Equivalent combination of education, training, and relevant experience may be considered in place of the requirements above.


Why SAS:


  • We love living the #SASlife and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference. 
  • Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isn’t about fitting into our culture, it’s about adding to it - and we can’t wait to see what you’ll bring.


Additional Information:

SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Equal Employment Opportunity is the Law. Also view the supplement EEO is the Law, and the notice Pay Transparency. Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process. To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status.

