• Provide security monitoring and incident response of cyber security events in a highly available Security Operation Center (SOC) that supports internal and external customers • Be part of a SOC on-call rotation during weekends (every fourth weekend) • Monitor and analyze Security Information and Event Management (SIEM) alerts to identify security issues for remediation and investigate events and incidents • Operate security tools like CNAPP, EDR, SIEM, DLP, various AI tools, vulnerability management solutions, and others • Develop correlation rules to expand our threat detection capability; enrich the rules with threat intelligence • Automate repetitive tasks by utilizing AI and traditional automation through API interfaces • Perform threat hunting to proactively detect incidents • Liaise with GRC and Product Security to mitigate risks in both enterprise and production environments • Investigate, document, and report on information security issues and emerging trends.

itD is seeking a Security Governance, Risk, and Compliance (GRC) Program Manager (Compliance Specialist V) to lead strategic security risk initiatives and provide second-line oversight of enterprise risk and compliance programs. This role is critical in shaping organizational security posture, ensuring alignment with global regulatory requirements, and enabling scalable, secure business operations across diverse business units. The ideal candidate will bring deep expertise in cybersecurity and GRC frameworks, along with a proven track record of delivering enterprise risk programs, automated control frameworks, and cross-functional security initiatives. Location: Remote (U.S.-based) Duration: 6 Months We provide comprehensive medical benefits, a 401k plan, paid holidays, and more. Please note that we are only considering direct W2 candidates at this time, as we are unable to offer sponsorship. Responsibilities - Lead and execute strategic risk initiatives within the Security GRC program to strengthen enterprise security posture - Identify, assess, and resolve complex cybersecurity and compliance risks across multiple business units - Develop, implement, and automate security controls aligned with industry GRC standards - Collaborate cross-functionally with Security, Product, Engineering, and Legal teams to ensure regulatory alignment and risk mitigation - Influence senior stakeholders and drive adoption of best practices in risk management and compliance - Establish frameworks and governance processes that support scalable and secure business operations - Drive thought leadership and continuous improvement in security risk management practices Internal Responsibilities - Attend regular internal practice community meetings - Collaborate with your itD practice team on industry thought leadership - Complete client case studies and learning material (blogs, media material) - Build out material to contribute to the Digital Transformation practice - Attend internal itD networking events (in person and virtual) - Work with leadership on career fast-track opportunities Required Qualifications and Skills - 10+ years of experience in cybersecurity, risk management, or GRC programs - Deep knowledge of cybersecurity and Governance, Risk, and Compliance (GRC) frameworks - Experience building and implementing security controls and automation - Proven ability to lead strategic initiatives and influence cross-functional stakeholders - Strong experience in risk assessment, compliance, and internal governance processes Preferred Qualifications and Skills - Experience with regulatory compliance across global environments - Background in program management within large technology organizations - Prior experience with leading tech companies or Big 4 consulting firms - Strong internal networking, stakeholder engagement, and advocacy skills Education - Bachelor’s degree in a relevant field or equivalent work experience required Company Description About itD: We are part of a new generation of consulting and software development company that blends diversity, innovation, and integrity with real business results. Our structure rejects any strong hierarchy, empowering us to deliver excellent results. We are a woman- and minority-led firm. Every day, we challenge ourselves to be considerate, fair and to re-think what great outcomes mean for our customers. This permeates down to how we approach every interaction, on every project, for every client. You’ll thrive here if you are a dynamic self-starter, a difference-maker or someone who wants to deliver great results, without constraints. The itD Digital Experience: Joining us means you’ll be part of our global community, you have a say about your own career journey, and you’ll get a chance to give back to causes that matter. You will experience working with Fortune 500 companies and high-performance teams across numerous industries. itD offers our employees excellent benefits such as medical, dental, vision, life insurance, paid holidays, 401K + matching, networking & career learning and development programs. We are growing and we want to see you grow! Visit https://itdtech.com/careers to learn more about what working at itD can mean for you. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. itD is committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or to perform the essential functions of a position, please contact us at recruiting@itdtech.com and let us know the nature of your request and your contact information. Additional Info Dynamic environment in a culture of respect, empowerment and recognition for a job well done, apply today!

• Stand up and lead a lean, highly efficient, and automation-driven Security and Threat Operations team, including hiring, coaching, and career development of analysts and engineers. • Establish operating rhythms (standups, metrics reviews, post-incident retrospectives) and standard operating procedures for response, containment, eradication, and recovery. • Build and maintain a Security and Threat Operations strategy in coordination with the CISO and other stakeholders, including software engineering, data engineering, and IT. • Develop and report on KPIs and KRIs for the Security and Threat Operations function. • Align SecOps processes to FFIEC/GLBA expectations and industry frameworks (NIST CSF and Cyber Risk Institute Profile). • Prepare evidence for audits/exams; provide clear, actionable metrics and board-level reporting on SOC performance, incident trends, control coverage, and risk reduction. • Partner with Legal, Compliance, Privacy, and Third-Party Risk on obligations and notifications. • Coach analysts on analytical rigor, bias reduction, and structured investigations. • Promote a blameless, learning-oriented culture that prizes speed, accuracy, and craftsmanship. • Own SIEM/SOAR strategy and daily operations; drive log onboarding, normalization, and high-fidelity detections across the entire technology landscape. • Serve as incident response commander for high-severity incidents; coordinate cross-functional responders in Infrastructure, IT, Engineering, Legal, and Compliance. • Build, maintain, and continuously improve standard operating procedures (SOPs), runbooks, and playbooks. • Maintain and exercise incident response plans through tabletop and similar activities. • Maturity evidence handling, forensics workflows, and case management; ensure accurate timelines and regulator-ready documentation. • Drive post-incident reviews with measurable corrective actions (people/process/technology) and executive readouts. • Own the vulnerability management lifecycle, ensuring coverage of vulnerability discovery, triage, and management across servers, endpoints, network, cloud subscriptions, containers/images, and custom APIs.

• Act as a subject matter expert for GCP cloud security • Design, configure, and optimize Google Security Command Center (SCC) • Monitor and investigate security events using GCP audit logs • Identify misconfigurations and data exfiltration risks • Correlate findings with CNAPP, endpoint, and SIEM data sources • Identify attack paths across complex GCP environments • Assist with the development of automated response playbooks • Lead cloud-native incident response activities • Perform cloud forensics to analyze identity activity • Produce investigation reports and post-incident recommendations • Provide architectural guidance on secure GCP design • Partner with engineering teams to embed security controls