- Harte Hanks (NASDAQ: HHS) is a leading global customer experience company whose mission is to partner with clients to provide them with CX strategy, data-driven analytics and actionable insights combined with seamless program execution to better understand, attract, and engage their customers. Using its unparalleled resources and award-winning talent in the areas of Customer Care, Fulfillment and Logistics, and Marketing Services, Harte Hanks has a proven track record of driving results for some of the world's premier brands.
- The Senior GRC Specialist is responsible for assisting in the development, implementation, and management of the company's Governance, Risk, and Compliance (GRC) framework. This role requires a strategic thinker with in-depth knowledge of regulatory requirements, industry standards, and best practices, ensuring that the organization operates within defined risk tolerances and meets its compliance obligations.
- Assist in developing and refining information security policies, procedures, and standards.
- Coordinate with different departments to ensure company-wide adherence to security governance principles.
- Lead risk assessments, identify vulnerabilities, and work with relevant departments to mitigate potential threats.
- Collaborate with stakeholders to ensure that risk management efforts align with the organization's objectives.
- Ensure that the organization meets its statutory and regulatory requirements.
- Conduct compliance assessments and audits, coordinating with external auditors when necessary.
- Monitor the regulatory landscape for changes that will affect information security policy, standards, and procedures.
- Assist in developing and delivering GRC-related training and awareness programs.
- Coordinate with HR and other relevant departments to ensure all employees undergo mandatory training.
- Support the incident response team by providing insights on regulatory implications during breaches or policy violations.
- Document incidents, ensuring they are reported in line with regulatory requirements and company policies.
- Prepare regular reports on the status of the GRC program for senior management and external stakeholders.
- Analyze GRC data to provide insights and recommendations.
- Bachelor's degree in Business, Law, Information Technology, or a related field. Master’s degree is preferred. Relevant experience can be considered.
- 3-5 years of experience in a GRC or related role.
- Profound knowledge of industry regulations, standards, and frameworks relevant to the business (e.g., GDPR, CCPA, ISO 27001, NIST RMF, CSF, HIPAA, SOC2 Type 2, SOX and PCI-DSS).
- Relevant certifications such as CGRC, CISA, CRISC, CGEIT, or similar.
- Strong analytical, organizational, and communication skills.
- Experience with GRC tools such as UpGuard, OneTrust, ZenGRC, RSA Archer, and others is a plus.
- Group Health and Wellness (Medical, Dental, and Vision)
- Health Savings Account (HSA)
- Educational Assistance
- Voluntary plans, including critical illness, accident, and hospitalization
- 401k plan with Company Match and Roth contributions | Immediate vesting