Experienced Governance, Risk and Compliance (GRC) Specialist - Cyber Protection Expert - arenaflex Security Leadership Opportunity

About arenaflex: Pioneering Cybersecurity Excellence

arenaflex stands at the forefront of cybersecurity innovation, safeguarding digital ecosystems with unwavering commitment to excellence. As a leader in the cybersecurity landscape, arenaflex combines cutting-edge technology with industry expertise to protect organizations against evolving threats. Our cybersecurity division comprises seasoned professionals who formulate and implement strategies and recommendations to help organizations align with their business objectives while managing risks effectively and meeting industry guidelines and standards.

We operate at the intersection of technology and innovation, constantly developing solutions that address the most pressing cybersecurity challenges today. At arenaflex, we believe that cybersecurity isn't just about protection—it's about enabling business confidence and digital transformation. Our team works on pioneering technology and toward new innovations in the field of cybersecurity to maintain the highest standards of security across all our operations.

About the Role

We are seeking an experienced Governance, Risk and Compliance (GRC) Professional specializing in Cyber Protection to guide GRC-related activities and ensure seamless execution of various tasks within our cybersecurity team. This position represents a unique opportunity to shape our security posture while working with industry-leading frameworks and technologies.

The successful candidate will play a pivotal role in arenaflex's cybersecurity operations, focusing on third-party risk management, internal threat control programs, and the implementation of robust security regulations, tactics, and frameworks. You will work closely with business stakeholders to establish and maintain effective security controls while ensuring compliance with industry standards.

Reporting Structure

This role reports directly to the Manager of Governance, Risk and Compliance within our Cyber and Data Security division, providing you with visibility into enterprise-wide security operations and strategic decision-making processes.

Key Responsibilities

Third Party Risk Management

• Lead the implementation and management of arenaflex's third-party risk management program, including conducting comprehensive cyber risk related due diligence assessments
• Validate incoming third-party/internal risk assessment requests, working closely with business stakeholders to confirm request details and engagement scope
• Conduct kick-off sessions with business stakeholders and relevant third parties for conducting thorough risk assessments
• Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submissions for completeness
• Analyze submitted questionnaires to determine risks arising from the design and operational effectiveness of security controls
• Document responses, associated findings, and remediation plans in arenaflex's enterprise systems
• Continuously monitor third parties through arenaflex systems for current and new findings, tracking issues to resolution
• Identify opportunities for improvement within arenaflex's systems and processes
• Act as a strong liaison to ensure timely resolution of queries regarding the risk management process and assessments

Governance, Risk and Compliance

• Lead and assist in the development of cybersecurity risk and compliance-related policies to ensure treatment of cybersecurity risks consistent with the organization's risk appetite
• Maintain and document compliance against information security related policies and procedures through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments
• Lead development and delivery of compliance and risk training and ongoing communications that support a culture of security and compliance
• Stay abreast of regulatory changes, new guidelines, technologies, and internal policy modifications to identify emerging key risk areas
• Lead activities to maintain and guide ISO 27001 compliance across the organization
• Work closely with risk leads/managers to schedule and execute various supporting activities related to the risk management program
• Draft and review reports for assessments performed and ensure respective business stakeholders finalize reviews

Essential Qualifications

• Bachelor's degree in Information Security, Cybersecurity, Computer Science, or related field (Master's preferred)
• Minimum 4 years of experience in third-party risk management, information security, and audit & compliance (with at least 2-3 years in TPRM/internal audit)
• Strong understanding of information security best practices and requirements including ISO 27001, SOC 2, NIST, COBIT, and others
• Experience in risk, controls, and compliance management within enterprise environments
• Knowledge of risk assessment methodologies - both qualitative and quantitative approaches
• Professional certifications such as CISA, CRISC, CISSP, or CISM (at least one required, multiple preferred)
• Exceptional analytical and problem-solving abilities
• Strong presentation skills with ability to communicate complex security concepts to diverse audiences

Preferred Qualifications

• Experience with large enterprises and/or Big Four accounting firms
• Familiarity with GRC platforms such as RSA Archer, MetricStream, or similar systems
• Experience in AI/ML applications for cybersecurity is a plus
• Experience with cloud security frameworks and compliance requirements
• Knowledge of specific industry regulations (GDPR, CCPA, HIPAA, etc.)
• Experience developing and implementing security awareness programs

Core Competencies

• Stakeholder Management: Exceptional ability to communicate and collaborate effectively with technical and non-technical stakeholders at all levels
• Regulatory Knowledge: Comprehensive understanding of cybersecurity regulations and compliance requirements
• Risk Assessment: Expertise in identifying, evaluating, and documenting security risks
• Documentation Skills: Strong ability to create clear, comprehensive security documentation
• Project Management: Experience managing multiple concurrent projects with competing priorities
• Technical Acumen: Understanding of security technologies, architectures, and threat landscapes

Personal Attributes

• Strong interpersonal skills and ability to build relationships across organizational boundaries
• Ability to navigate fast-paced environments and maintain flexibility with working hours
• Excellent communication skills, both verbal and written
• Adapt quickly to changing conditions and drive high-quality change
• Demonstrated ability to work independently and as part of a team
• Strong attention to detail and commitment to quality
• Proactive approach to problem-solving and continuous improvement

Career Growth Opportunities

At arenaflex, we believe in investing in our people's growth and development. This role offers numerous opportunities for professional advancement, including:

• Access to cutting-edge cybersecurity projects that shape industry standards
• Mentorship from senior cybersecurity professionals
• Opportunity to develop specialized expertise in governance, risk, and compliance
• Clear career progression path toward senior leadership positions
• Regular participation in industry conferences and professional development opportunities
• Chance to contribute to the development of arenaflex's cybersecurity strategy

Work Environment and Culture

arenaflex fosters a collaborative, innovative work environment where cybersecurity professionals can thrive. Our culture emphasizes:

• Continuous learning and professional development
• Recognition of technical excellence and innovation
• Collaborative problem-solving across teams
• Work-life balance with flexible working arrangements
• Commitment to diversity and inclusion
• Remote-first work environment with opportunities for occasional team gatherings

Compensation and Benefits

arenaflex offers a comprehensive compensation package that recognizes the value of our cybersecurity professionals:

• Competitive salary commensurate with experience and qualifications
• Comprehensive health, dental, and vision insurance options
• Retirement savings plan with employer matching
• Professional development and certification support
• Generous paid time off and company holidays
• Remote work flexibility with home office equipment allowance
• Performance-based bonuses and recognition programs
• Employee assistance program and wellness resources

Join arenaflex's Cybersecurity Excellence

This position represents more than just a job—it's an opportunity to join a team that's shaping the future of cybersecurity. At arenaflex, you'll work with talented professionals dedicated to protecting digital assets while enabling business innovation and growth.

If you're passionate about governance, risk, and compliance and want to make a meaningful impact in the cybersecurity field, we encourage you to apply. arenaflex offers a dynamic environment where your expertise will be valued, your contributions will make a difference, and your career will flourish.

Join us in our mission to create a more secure digital future while enjoying the flexibility and benefits of a modern, remote-first workplace. Apply today to become part of arenaflex's cybersecurity leadership team.