• Monitor and ensure ongoing compliance with CySEC regulatory requirements, MiFID II, AML directives, and other applicable EU regulations (e.g. IFR, DORA etc). • Assist in the development, implementation, and review of compliance policies, procedures, and manuals. • Conduct compliance risk assessments and audits, and recommend corrective actions where necessary. • Support the preparation and timely submission of regulatory reports, notifications, and filings to CySEC and other authorities. • Advise management and business units on compliance-related matters and regulatory changes. • Liaise with CySEC and external auditors on compliance issues and inspections. • Perform ongoing monitoring of client transactions, KYC/AML reviews, and reporting of suspicious activities (SARs). • Provide compliance training and guidance to staff across all departments. • Contribute to the firm’s compliance monitoring program and assist in regulatory gap analyses. • Maintain a deep understanding of complex compliance risks/issues, identify root causes of inefficiencies, and develop effective process improvement strategies to streamline the operations teams’ processes. • Review Marketing Communication and advise on alignment of content with MiFID II marketing guidelines. • Review Professional clients applications according to MiiFID II standards. • Stay abreast on industry standards and CySEC/EU regulatory developments and consider application of regulatory requirements with a global focus, if necessary. • Perform any other duties as may be assigned by the direct manager and/or senior management.

• Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles – including scoping, control testing, evidence collection, auditor coordination, and remediation tracking. • Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation that meet auditor expectations and scale with the business. • Map controls across SOC, ISO, PCI, and NIST frameworks to identify overlap, gaps, automation opportunities, and control maturity improvements. • Facilitate risk assessments for systems, vendors, products, and business initiatives. Maintain risk registers, mitigation plans, and executive reporting on residual risk. • Partner with engineering and infrastructure teams to translate security requirements into practical technical controls across cloud infrastructure, SDLC, access management, logging, monitoring, and incident response. • Manage vendor security reviews, questionnaires, evidence validation, risk scoring, and ongoing monitoring for critical third parties and partners. • Support customer security reviews, security questionnaires, and trust documentation that enable enterprise sales and bank partnerships. • Help build scalable compliance workflows, tooling, and automation to reduce manual effort and improve evidence quality as Astra grows. • Maintain dashboards and reporting on audit status, control health, remediation progress, and risk posture for leadership.

- Serve as internal expert on IRA provisions including domestic content, prevailing wage, and apprenticeship mandates. - Track qualifying project costs, workforce metrics, and documentation to support tax credit eligibility and audit readiness. - Stay current on IRS and DOE guidance; update internal systems to reflect changes. - Ensure compliance with local permitting, environmental, and safety regulations. - Oversee Davis-Bacon Act compliance and certified payroll reporting for solar construction sites. - Conduct audits and implement corrective actions for internal teams and subcontractors. - Collaborate with HR, Legal, Project Admins, and Construction teams on workforce classification, certified payroll, and compliance tracking. - Lead compliance training for staff, subcontractors, and project managers. - Build workflows, reporting systems, and monthly dashboards to communicate compliance status to leadership.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The IT Security Governance, Risk & Compliance (GRC) Specialist plays a critical role in ensuring that the organization adheres to healthcare regulations, mitigates risks, and maintains a robust compliance program. This individual will support governance, risk, and compliance initiatives by assessing regulatory requirements, identifying potential risks, and ensuring alignment with industry standards such as HIPAA, HITECH, NIST CSF, and other relevant frameworks. - Governance: Assist in developing, maintaining, and enforcing healthcare policies and procedures. Support the implementation and management of governance frameworks, ensuring alignment with organizational objectives and healthcare regulations. Collaborate with stakeholders to ensure compliance with applicable standards and best practices. - Risk Management: Conduct risk assessments, including the identification, analysis, and prioritization of risks related to healthcare operations, IT systems, and third-party vendors. Develop and maintain the organization’s risk register and track remediation efforts. Participate in incident response planning and tabletop exercises to improve organizational preparedness. - Compliance: Monitor and ensure compliance with regulatory requirements such as HIPAA, HITECH, CMS guidelines, and state-specific healthcare laws. Support audit and assessment processes, including preparing documentation, responding to audit requests, and implementing corrective actions. Assist in managing third-party risk assessments, ensuring vendor compliance with healthcare security and privacy standards. - Reporting and Documentation: Prepare and deliver compliance and risk reports to leadership, including metrics, dashboards, and key performance indicators (KPIs). Maintain accurate documentation of compliance activities, risk assessments, and governance efforts. - Collaboration and Training: Partner with internal teams (e.g., IT, Legal, Operations) to address compliance gaps and enhance security posture. Provide training and awareness sessions to staff on healthcare compliance, risk management, and policy requirements. Act as a liaison with external auditors, regulatory agencies, and third-party vendors. Qualifications - At least 1 year of experience in governance, risk and compliance roles, preferably within healthcare - required - Familiarity with healthcare regulations (HIPAA, HITECH, CMS) and industry standard (NIST CSF, HITRUST, ISO 27001) - preferred - Four-year bachelor's degree or equivalent experience in Healthcare administration, Information Security, Risk Management, or a related field - required Requirements - CHC, CISA, CCSFP or CISSP certification - preferred Benefits - Employee portion of medical plan premiums are covered after 3 years. - 4%-10% employee savings plan match based on tenure - Paid Parental Leave (up to 12 weeks) - Caregiver Leave - Adoption and surrogacy reimbursement