Sr. GRC Consultant

Type: Contract

Location: Arlington - Virginia

Rate Info: $65-75

Work Model: Hybrid

Published: 17-Feb-2026

Job ID: 41485

Optomi, in partnership with a leading organization in the energy sector, is seeking a Sr. Security Governance, Risk, & Compliance (GRC) Professional for a 12-month contract position.

Position Summary:  This position is part of the Information Security Department, specifically the Governance, Risk, and Compliance (GRC) team. The senior professional will provide expert advice and collaborate with technical staff and business owners to identify and assess controls to adequately safeguard the client's data and information systems. The individual will support the execution of a comprehensive information security risk management program leveraging frameworks such as NIST CSF, NIST RMF, and PCI. Key responsibilities include performing risk assessments, monitoring regulatory compliance requirements, and developing processes, methods, and standards for identifying and managing risk.

What the right candidate will enjoy:
  • Working with a collaborative and expert team in the Information Security Department
  • Gaining exposure to a hybrid work environment with opportunities for travel
  • Contributing to meaningful projects that safeguard critical data and systems

What type of experience does the right candidate have:
  • 10+ years of experience in risk management, IT operations, or security engineering
  • 5+ years performing security control assessments and IT governance
  • Strong technical knowledge of cybersecurity technologies and frameworks such as NIST CSF, NIST 800-171, ISO 27001, and PCI
  • Experience with public cloud service providers (AWS & Azure)
  • Proficiency in using GRC software such as ServiceNow

What the responsibilities of the right candidate are:
  • Conduct cyber risk evaluations using frameworks like NIST RMF/CSF and PCI
  • Assess likelihood vs. impact for risks identified through vulnerability data, engineering feedback, operational telemetry, and threat intelligence feeds
  • Translate complex technical issues into actionable risk statements outlining threat vectors, attack paths, and business impacts
  • Perform quantitative and qualitative risk analysis using scenario modeling and control effectiveness scoring
  • Evaluate how threats and risks affect business operations, regulatory compliance, and service availability
  • Support development of risk appetite thresholds, KRIs, and measurement models for tracking risk over time
  • Partner with engineering and security teams to convert technical assessments into structured risk evaluations
  • Track emerging threats, vulnerabilities, and attacker tradecraft to advise leadership on mitigation strategies

Join Optomi in delivering innovative solutions to support NRECA's mission to safeguard their data and systems while enabling operational excellence.
