Specialist - IT Governance, Risk and Compliance

About This Role

Job Summary: Synechron is seeking a dedicated and detail-oriented Specialist in IT Governance, Risk, and Compliance to support the organization’s compliance initiatives, risk management, and governance framework. This role entails developing and maintaining policies, conducting risk assessments, coordinating audits, and ensuring adherence to internal controls and regulatory standards. The ideal candidate will contribute to creating a secure, resilient, and compliant technology environment that aligns with industry best practices and organizational objectives.

Software Requirements:

• Required:

• Microsoft Office Suite (Excel, Word, PowerPoint) for reporting and documentation
• GRC platforms or tools (e.g., RSA Archer, MetricStream, ServiceNow GRC modules) – proficiency in at least one
• Document management and workflow tools (SharePoint, Confluence)
• Audit management and tracking tools

• Preferred:

• Data analytics tools (Power BI, Tableau) for reporting and dashboards
• Regulatory compliance management tools specific to data privacy and cybersecurity

Overall Responsibilities:

• Support the development, implementation, and maintenance of IT governance frameworks, standards, and control mechanisms
• Conduct IT risk assessments, identify potential threats, and monitor mitigation actions
• Maintain and update the IT risk register and report on risk status to leadership
• Assist with creating, reviewing, and updating policies, procedures, and control frameworks
• Perform periodic compliance evaluations against regulations, standards, and contractual requirements
• Support internal and external audit processes through documentation, evidence collection, and issue tracking
• Conduct control testing, gap analysis, and assessment activities across IT functions
• Monitor adherence to standards such as ISO 27001, NIST, COBIT, and relevant regulatory requirements
• Prepare reports and dashboards on compliance, risks, and audit findings for management review
• Promote awareness and understanding of governance and compliance practices within IT teams

Technical Skills (By Category): Programming Languages:

• Not mandatory, but familiarity with scripting languages such as PowerShell, Python, or Bash for automation and reporting is a plus

Databases/Data Management:

• Basic understanding of data management principles, data privacy, and security controls in databases (e.g., SQL, NoSQL) is advantageous

Cloud Technologies:

• Not required; however, knowledge of cloud security and controls aligning with governance standards (e.g., ISO 27017, NIST cloud security) is beneficial

Frameworks and Libraries:

• Familiarity with standards such as ISO 27001, NIST CSF, COBIT, and ITIL for governance and risk management

Development Tools and Methodologies:

• Experience with project management and workflow tools (Jira, ServiceNow, MS Project)
• Knowledge of Agile, Waterfall, or hybrid project approaches as they relate to compliance and governance initiatives

Security Protocols:

• Understanding of security controls, data privacy regulations (GDPR, CCPA), and internal policies for IT security and audit readiness

Experience Requirements:

• 3 to 5 years of experience supporting IT governance, risk, or compliance functions
• Proven experience in conducting risk assessments, managing internal controls, and supporting audits
• Domain-specific knowledge of regulatory frameworks across data privacy, cybersecurity, or enterprise compliance
• Experience working in regulated industries such as finance, healthcare, or telecommunications is preferred
• Alternative experience pathways include roles in internal audit or IT control functions, with demonstrated understanding of governance and compliance practices

Day-to-Day Activities:

• Support ongoing development and maintenance of IT policies, standards, and control frameworks
• Assist in conducting risk assessments, tracking mitigation, and updating risk registers
• Support internal and external audits by preparing documentation and evidence
• Perform control testing, gap analysis, and compliance checks across different IT units
• Monitor adherence to governance frameworks and recommend improvements
• Collaborate with cross-functional teams to communicate compliance requirements and promote best practices
• Review and update policies, procedures, and controls in response to regulatory or organizational changes
• Prepare reports, dashboards, and presentations for senior management on risk and compliance status

Qualifications:

• Bachelor’s degree in Information Technology, Information Security, Business Administration, or related field; equivalent professional experience accepted
• Certifications such as CISA, CISSP, ISO 27001 Lead Auditor, or equivalent are preferred
• Training or certifications related to IT governance, risk management, or compliance (e.g., COBIT, ITIL, GDPR certifications) are advantageous
• Commitment to ongoing professional development in GRC topics and relevant regulatory standards

Professional Competencies:

• Strong analytical and problem-solving skills with a focus on risk identification and mitigation
• Excellent communication skills to articulate complex concepts to diverse audiences
• Ability to collaborate across teams including audit, IT, and management
• Critical thinking and attention to detail to ensure accuracy in compliance work
• Proactive approach to identifying issues and proposing solutions
• Adaptability to changing regulatory environments and organizational priorities
• High standards of integrity, confidentiality, and professionalism
• Continuous improvement mindset, seeking ways to optimize governance processes and controls

S YNECHRON’S DIVERSITY & INCLUSION STATEMENT Diversity & Inclusion are fundamental to our culture, and Synechron is proud to be an equal opportunity workplace and is an affirmative action employer. Our Diversity, Equity, and Inclusion (DEI) initiative ‘Same Difference’ is committed to fostering an inclusive culture – promoting equality, diversity and an environment that is respectful to all. We strongly believe that a diverse workforce helps build stronger, successful businesses as a global company. We encourage applicants from across diverse backgrounds, race, ethnicities, religion, age, marital status, gender, sexual orientations, or disabilities to apply. We empower our global workforce by offering flexible workplace arrangements, mentoring, internal mobility, learning and development programs, and more.

All employment decisions at Synechron are based on business needs, job requirements and individual qualifications, without regard to the applicant’s gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.

Candidate Application Notice