Cybersecurity GRC (Governance, Risk & Compliance) Specialist at The Brattle Group Inc
Boston, MA 02108, USA
Full Time


Start Date

Immediate

Expiry Date

24 Nov, 25

Salary

115000.0

Posted On

24 Aug, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Financial Services

Description

The Brattle Group, a privately held, global economics consulting firm, is looking for a Cybersecurity GRC (Governance, Risk & Compliance) Specialist to join our Boston, MA office. The Cybersecurity GRC Specialist is responsible for working with the Manager of Cybersecurity to implement and manage the firm’s Governance, Risk, and Compliance framework. The role focuses on aligning policies and controls with industry regulations, performing risk assessments, supporting compliance audits, and promoting a culture of accountability and ethical conduct.

Responsibilities
  • Develop and maintain internal policies and procedures that support compliance with industry regulations (e.g., ISO 27001, NIST, SOC 2, GDPR), including maintaining POA&Ms and ATU artifacts.
  • Perform regular risk assessments and update the firm’s risk register.
  • Collaborate with IT and Legal teams to address risks and control deficiencies.
  • Monitor regulatory changes and evaluate their impact on firm operations.
  • Provide support during internal and external audits, including evidence gathering.
  • Lead or support compliance training sessions and awareness campaigns for staff.
  • Lead initiatives for compliance automation, continuous control monitoring, and process optimization.
  • Maintain third-party risk management documentation and review vendor contracts for compliance implications.
  • Lead annual external penetration and vulnerability testing and analysis.
  • Update and manage governance documents, risk management policies, and compliance tracking logs.
  • Maintain audit trail documentation for regulatory and internal control requirements.
  • Contribute to annual compliance reports and board-level risk summaries.