Experienced Cybersecurity Governance, Risk & Compliance (GRC) Specialist – Third-Party Risk & ISO 27001 Program Lead (Remote, Full-Time / Part-Time)

Work from home Full-time role Hiring
```html

Join arenaflex: Where Cybersecurity Meets Purpose and Innovation

Are you a seasoned Governance, Risk, and Compliance (GRC) professional with a passion for protecting enterprise ecosystems from evolving cyber threats? Do you thrive in dynamic, fast-paced environments where your expertise in third-party risk management, regulatory compliance, and information security frameworks can make a tangible difference? arenaflex, a forward-thinking global organization committed to operational excellence and digital trust, is seeking an experienced Cybersecurity GRC Specialist to join our remote team.

This isn’t just another remote position. This is an opportunity to play a pivotal role in safeguarding the integrity of arenaflex’s expanding digital landscape, working alongside industry-leading cybersecurity professionals, and contributing to programs that touch every corner of our global enterprise. Whether you’re looking for a full-time career or a flexible part-time engagement, this role offers the autonomy, challenge, and impact that experienced GRC professionals crave.

About arenaflex and Our Cybersecurity Mission

At arenaflex, cybersecurity is more than a function — it is a foundational pillar that empowers every business unit to innovate confidently. Our Cybersecurity Team is composed of forward-thinking specialists who design, implement, and continuously refine strategies that align security posture with business objectives. We believe that robust risk management and regulatory compliance are enablers of growth, not obstacles to it.

Our team operates at the intersection of cutting-edge technology and strategic governance. We are committed to staying ahead of emerging threats, embracing new innovations in AI/ML-driven security analytics, and building a culture where security awareness is embedded into the DNA of the organization. When you join arenaflex, you don’t just join a company — you join a movement dedicated to protecting what matters most in an increasingly connected world.

Position Overview

We are hiring a Cybersecurity GRC Specialist to lead and support critical third-party risk management (TPRM), internal threat assessment, and compliance initiatives within arenaflex’s global Information Security program. Reporting directly to the Manager of Governance, Risk, and Compliance (Cyber and Data Security), this role will be instrumental in shaping the way arenaflex identifies, evaluates, and mitigates cybersecurity risks across our third-party ecosystem and internal operations.

You will collaborate cross-functionally with business stakeholders, risk leads, auditors, and external partners to ensure that arenaflex maintains a resilient security posture, adheres to industry-leading standards (including ISO 27001, SOC 2, and SSAE 16/18), and continuously matures its GRC program in line with evolving regulatory landscapes.

Key Responsibilities

Third-Party & Internal Threat Risk Management (TPRM)

  • Support arenaflex’s global Third-Party/Internal Risk Management program by conducting comprehensive cyber risk due diligence assessments on vendors, partners, and internal entities.
  • Validate incoming third-party and internal risk assessment requests, partnering closely with business stakeholders to confirm engagement scope, objectives, and timelines.
  • Facilitate kick-off sessions with internal stakeholders and relevant third parties to formally launch Third-Party Assessments (TPAs) and set clear expectations.
  • Coordinate the distribution of due diligence questionnaires, meticulously review submissions for completeness, and identify risks arising from the design and operational effectiveness of security controls.
  • Document responses, findings, and remediation plans within arenaflex’s centralized GRC systems, ensuring full traceability and audit readiness.
  • Draft and review comprehensive assessment reports, ensuring business stakeholders provide timely sign-off and remediation commitments.
  • Act as a trusted liaison, addressing queries from business units and third parties related to the risk control methodology, findings, and remediation pathways.
  • Conduct continuous monitoring of third parties through arenaflex’s monitoring platforms, tracking new findings and driving them to closure.
  • Identify and champion opportunities for process improvement, automation, and optimization within arenaflex’s TPRM systems and workflows.
  • Collaborate closely with the Risk Lead/Supervisor to schedule and execute a diverse portfolio of supporting activities that strengthen the broader risk management program.

Governance, Risk & Compliance Program Leadership

  • Lead and contribute to the development of cybersecurity risk and compliance policies, standards, and procedures aligned with arenaflex’s risk appetite and business strategy.
  • Maintain and document compliance with information security-related policies and processes through structured planning, testing, remediation, tracking, and reporting on control reviews and risk assessments.
  • Lead the development and delivery of engaging compliance and risk education programs, fostering a culture of security awareness and accountability across the organization.
  • Stay continuously informed of regulatory changes, emerging industry guidelines, new technologies, and internal policy shifts to proactively identify new key risk areas.
  • Lead initiatives to maintain and advance arenaflex’s ISO 27001 certification, including internal audits, control testing, and corrective action management.

Essential Qualifications & Experience

  • Educational Background: A Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Information Systems, Risk Management, or a related discipline from an accredited university — or equivalent professional experience.
  • Industry Experience: A minimum of 4 years of experience in third-party risk management, information security, and audit/compliance functions, with at least 2–3 years specifically focused on TPRM or internal audit.
  • Enterprise Background: Prior experience working with a large, complex global organization or a Big Four accounting/consulting firm is strongly preferred.
  • Professional Certifications: One or more of the following — CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor, or CISSP — is required or strongly preferred.
  • Emerging Tech Exposure: Experience with AI/ML applications in cybersecurity is considered a significant plus.

Core Competencies & Personal Attributes

Knowledge and Technical Competencies

  • Outstanding stakeholder management skills with the ability to influence and collaborate across all organizational levels.
  • Working knowledge of information security best practices and standards, including ISO 2700x, SOC 2, SSAE 16/18, NIST, and other relevant frameworks.
  • Demonstrated experience in the management of risk, controls, and compliance within complex enterprise environments.
  • Solid understanding of risk evaluation methodologies — both qualitative and quantitative.
  • Exceptional analytical and problem-solving capabilities, with a knack for translating complex findings into actionable business insights.
  • Strong presentation design and delivery skills, capable of communicating technical concepts to non-technical audiences.

Personal Attributes for Success

  • Robust interpersonal skills and a collaborative, team-first mindset.
  • Ability to thrive in a fast-paced, evolving environment with flexibility around working hours when needed.
  • Excellent communication abilities — both verbal and written — with a commitment to clarity and precision.
  • Adaptability to rapidly changing circumstances and a demonstrated ability to drive high-quality change initiatives.
  • Self-motivated, detail-oriented, and capable of managing multiple priorities with minimal supervision.

Why Choose arenaflex? Compensation, Perks & Benefits

At arenaflex, we believe that exceptional talent deserves exceptional support. That’s why we offer a competitive compensation package starting at $80,000 annually (commensurate with experience and engagement type), along with a comprehensive suite of benefits designed to help you thrive professionally and personally.

  • Fully Remote Flexibility: Work from anywhere in the U.S. (or applicable region) with flexible full-time or part-time scheduling options that respect your lifestyle.
  • Competitive Base Salary: $80,000/year with performance-based incentives and annual reviews.
  • Comprehensive Health Benefits: Medical, dental, and vision insurance plans tailored to your needs.
  • Retirement Planning: 401(k) plan with company match to help you build long-term financial security.
  • Generous Paid Time Off: Vacation days, sick leave, and paid holidays to recharge and maintain work-life balance.
  • Professional Development: Annual budget for certifications (CISA, CRISC, CISSP, ISO 27001), conferences, and training programs.
  • Cutting-Edge Tools: Access to industry-leading GRC platforms, AI/ML-driven risk analytics tools, and modern collaboration technologies.
  • Inclusive Culture: A diverse, supportive, and innovation-driven environment where your voice matters and your contributions are celebrated.

Career Growth & Learning Opportunities at arenaflex

When you join arenaflex’s Cybersecurity Team, you’re investing in a career path — not just a job. We are deeply committed to the continuous growth of our team members. You’ll have access to mentorship from senior GRC leaders, opportunities to lead high-impact projects across global business units, and a clear pathway for advancement into roles such as Senior GRC Analyst, Risk Manager, Compliance Lead, or Director of Cybersecurity Governance.

We actively encourage participation in industry forums, thought leadership publications, and cross-functional innovation initiatives. Whether you want to deepen your expertise in ISO 27001, expand into AI-driven security analytics, or move toward strategic risk advisory roles, arenaflex will support your journey every step of the way.

Our Work Environment & Culture

arenaflex’s remote-first culture is built on trust, transparency, and accountability. We believe that great work happens when talented people are given the tools, autonomy, and support they need to excel. Our cybersecurity team operates with a collaborative, learning-oriented mindset — we share knowledge freely, celebrate wins together, and approach challenges with curiosity rather than fear.

Diversity, equity, and inclusion are not just buzzwords at arenaflex — they are core values that shape how we hire, develop, and promote our team members. We welcome applicants from all backgrounds and are committed to building a team that reflects the diverse world we serve.

Your Next Step: Apply to arenaflex Today

If you are a driven, experienced GRC professional ready to take the next step in your cybersecurity career, arenaflex wants to hear from you. Bring your expertise, your passion for protecting digital ecosystems, and your commitment to excellence — and join a team that values your contributions as much as we value the security of the communities we serve.

This is more than a job listing. It is an invitation to build something meaningful, to grow alongside industry leaders, and to leave a lasting mark on the cybersecurity landscape. Don’t wait — the future of secure digital transformation is being shaped right now, and your skills can be a driving force behind it.

Ready to make an impact? Submit your application today and take the first step toward an exciting, rewarding career with arenaflex. We look forward to welcoming you to our team.

```
