Senior GRC & Security Assurance Specialist

Build the Future with AspenView Technology Partners

At AspenView, we are passionate about transforming the way organizations approach technology. We specialize in creating high-performing, nearshore IT teams to help North American clients innovate faster and more efficiently. As we continue to grow, we’re looking for exceptional people to join our team and help drive impactful change across industries.

Why Join AspenView?

At AspenView, we’re more than a nearshore IT partner—we’re a people-first, purpose-driven company that believes great culture drives great outcomes. We’re passionate about connecting talent and technology to deliver measurable value for clients—and meaningful career paths for our people.

Here’s what you can expect:

• Competitive base
• Comprehensive benefits and wellness support
• Flexible work model: hybrid, remote, or in-office
• Real growth opportunities and leadership visibility
• Inclusive, respectful culture that blends U.S. innovation with Colombian heart
• A company that listens, invests in you, and celebrates wins together

The Senior GRC & Security Assurance Specialist is responsible for designing, implementing, and overseeing the Client’s cybersecurity governance framework. This role acts as the bridge between technical security operations and corporate risk management, ensuring that the organization meets the highest global standards of compliance and resilience.

You will lead the effort to maintain "audit-ready" status across multiple frameworks (ISO, NIST, PCI), while proactively managing third-party risks and ensuring that security policies are not just documents, but operational realities.

What you will do:

Framework Management & Control Mapping

• Build, maintain, and optimize control frameworks aligned with ISO 27001, NIST CSF, PCI DSS, SOC 2, and DORA.
• Perform comprehensive cyber risk assessments and map security controls across diverse business and technical domains.
• Lead the creation, review, and enforcement of global security policies, standards, and procedures.

Audit Readiness & Assurance Testing

• Drive audit readiness programs, acting as the primary point of contact for internal and external auditors.
• Design and execute assurance testing to validate the effectiveness of technical and administrative security controls.
• Identify control gaps and partner with technical teams to develop and track remediation plans.

Third-Party & Supply Chain Risk

• Execute Third-Party Risk Management (TPRM) assessments to ensure vendors and partners meet the Client's security requirements.
• Develop supply-chain assurance models to mitigate risks associated with software and service providers.
• Utilize GRC tooling (e.g., ServiceNow, Archer, OneTrust) to automate risk tracking and compliance reporting.

Tools & Technologies:

• GRC Platforms: Proficiency in ServiceNow GRC, Archer, OneTrust, or LogicGate.
• Frameworks: Deep expertise in ISO 27001, NIST 800-53/CSF, PCI DSS, and SOC 2.
• Regulations: Familiarity with DORA, GDPR, and HIPAA.
• Audit Tools: Experience with automated compliance monitoring and evidence collection tools.

What you bring:

• 6–8+ years of experience in GRC, Information Security Audit, or Cyber Risk Management.
• Certification: CISA, CRISC, CISM, or ISO 27001 Lead Auditor (highly preferred).
• Strategic Accuracy: Ability to translate complex regulatory requirements into clear, actionable technical controls.
• Communication: Exceptional ability to communicate risk to both technical teams and executive leadership.
• Analytical Mindset: Expert at identifying patterns of risk and proposing scalable mitigation strategies.

Equal Opportunity Employer:

AspenView is proud to be an equal opportunity employer. We believe in creating an environment where all employees feel welcome, valued, and empowered to succeed. We celebrate diversity and strive to build a culture of inclusion where all individuals, regardless of their race, color, gender, gender identity or expression, sexual orientation, disability, age, or any other characteristic, can thrive. We encourage applicants from all walks of life to join our team and make a lasting impact.