Technical GRC Specialist

🕒 May 23

Capacity

501 - 1000 employees

Founded 1999

🛍️ eCommerce

🤝 B2B

🚗 Transport

Capacity is a third-party logistics (3PL) and fulfillment company that provides nationwide U.S. and UK warehousing, order fulfillment, and value-added services for eCommerce, DTC, and retail brands. The company emphasizes smooth onboarding, integrated technology and data to power decisions, and tailored operations (including hazmat handling and retail/node selection) to protect brand experience and support growth. Capacity partners with consumer-facing brands across beauty, wellness, apparel, electronics, and CPG to deliver fast, cost-effective distribution and omnichannel fulfillment.

📋 Description

• Provide hands-on support in the assessment, improvement, and maintenance of technical security baselines based on industry best practices (e.g., NIST, CIS, ISO).
• Ensure configurations satisfy global regulatory mandates (e.g., HIPAA, GDPR).
• Leverage automated tools to monitor security and compliance posture.
• Act as a GRC interface with Infrastructure and Engineering teams to ensure hardening requirements are technically feasible and effectively implemented.
• Manage and continuously improve the company's Third-Party Risk Management programme across suppliers, vendors and strategic partners.
• Own end-to-end due diligence processes for new and existing vendors, including inherent risk assessments, security/privacy reviews and ongoing monitoring.
• Review vendor assurance documentation such as ISO 27001 certificates, SOC 2 reports, penetration test summaries, policies and compliance evidence.
• Identify, document and communicate vendor risks, remediation actions and approval recommendations.
• Maintain risk tiering and reassessment schedules for critical and high-risk vendors.
• Act as a trusted partner to internal stakeholders during vendor onboarding, renewals and procurement decisions.
• Engage directly with suppliers to resolve due diligence issues and drive remediation.
• Maintain audit-ready documentation within GRC systems.
• Support team members with global and contractual compliance efforts, as well as internal and external audits.
• Contribute to security and compliance policy, process, and control improvements.
• Identify opportunities for automation, simplification, and improved GRC tooling.

🎯 Requirements

• 3+ years’ experience in compliance, GRC, vendor risk management, information security, internal audit or related fields.
• Proven experience in cybersecurity and managing third-party/vendor due diligence programmes.
• Strong understanding of common assurance frameworks such as ISO 27001, SOC 2, NIST or equivalent.
• Good working knowledge of UK GDPR / privacy considerations in supplier relationships.
• Familiarity with cloud/SaaS environments and common systems (e.g. identity providers, cloud platforms, collaboration tools).
• Experience reviewing supplier security documentation and identifying practical risks.
• Strong organisational skills with the ability to manage multiple priorities independently.
• Excellent written and verbal communication skills; proficient in English.

🏖️ Benefits

• Private health insurance
• Profit Interest Unit Appreciation Rights
• 25 days paid leave
• Pension
• Group life assurance
• Group income protection
• Flexible work environment
• A supportive, diverse workplace where we prioritize respect for each other and our clients
• A fun and collaborative team culture
