Governance, Risk, and Compliance Specialist

About NY Creates :

NY Creates serves as a bridge for advanced electronics, leads projects that advance R&D in emerging technologies, and generates the jobs of tomorrow. NY Creates also runs some of the most advanced facilities in the world, boasts more than 3,000 industry experts and faculty, and manages public and private investments of more than $25 billion - placing it at the global epicenter of high-tech innovation and commercialization.

Job Description :

Job Description for Governance, Risk, and Compliance Specialist

JOB SUMMARY

The Senior Governance, Risk, and Compliance Specialist (GRC) is the organization's authoritative governance, risk, and compliance strategist and execution lead, responsible for maturing and operationalizing a risk-aware, evidence-driven GRC program across NY Creates (NYC). This role owns the full lifecycle of enterprise risk assessments and risk register governance, third-party vendor risk management, cybersecurity policy and standards framework, internal audit program design and execution, and training and awareness strategy.

With advanced expertise in quantitative and qualitative risk modeling, control framework mapping, regulatory interpretation, and audit defense, the Senior GRC Specialist drives cross-functional alignment, automates compliance workflows, and delivers executive-ready risk intelligence that directly informs strategic decision-making. The incumbent operates with strategic foresight, diplomatic influence, and rigorous analytical discipline to ensure NYC's continuous compliance with NYC's NIST 800-171, CMMC 2.0, NSPM-33, ITAR / EAR, compliance posture in a federally funded research environment.

Job Responsibilities include but are not limited to :

• Lead enterprise risk assessment program : design methodology, facilitate workshops, perform threat modeling, quantify likelihood and impact, and maintain dynamic risk register with residual risk tracking and KRIs.
• Own third-party risk management framework : develop tiering model, author due diligence questionnaires, lead evidence reviews, negotiate contractual security clauses, and enforce continuous monitoring via automated feeds.
• Architect and govern cybersecurity policy hierarchy : author, socialize, and enforce policies, standards, and procedures; ensure bi-directional traceability to NIST 800-53, CMMC 2.0, and CIS Controls.
• Design and execute internal cybersecurity audit program : scope annual plan, perform control testing, issue findings with root cause analysis, and validate remediation effectiveness.
• Strategize and scale training and awareness program : develop role-based curriculum, integrate gamified phishing simulations, measure cultural maturity, and report behavioral risk trends to leadership.
• Produce integrated GRC dashboards and board-level reports : risk heatmaps, compliance posture, control effectiveness, vendor risk exposure, and audit readiness.
• Lead preparation for external assessments : CMMC Joint Surveillance, DIBCAC audits, and insurance cyber risk evaluations; serve as primary point of contact.
• Implement and administer enterprise GRC platform : configure risk, policy, vendor, and audit modules; automate workflows, evidence collection, and reporting.
• Chair risk committee meetings : present new risks, challenge mitigation plans, and secure executive approval for risk acceptance or treatment strategies.
• Drive GRC process automation and integration with ITSM, SOAR, and CMDB for real-time compliance visibility and control validation.
• Mentor Junior GRC Specialist and cross-functional control owners; establish GRC Center of Excellence and internal audit training pathways.
• Critical thinking to perform scenario-based risk analysis, challenge assumptions, and align compliance with mission objectives.
• Ability to translate technical control failures into business impact and regulatory exposure.
• High degree of initiative, dependability, and ability to influence without authority across all organizational levels.
• Effective oral & written communication skills, including policy authorship, audit report writing, and C-level risk presentations.
• Other reasonable duties as assigned.

Requirements :

Advanced GRC certifications required (at least two) :

Expert-level knowledge of compliance frameworks and control standards :

This position is contingent on the satisfactory completion of a background check.

Preferred Requirements

Additional preferred certifications :

Don't meet every requirement? At NY Creates we are dedicated to building a welcoming workplace. If you are excited about working for NY Creates but your experience doesn't exactly align perfectly with the job description, we encourage you to apply anyway, you might still be a perfect fit or a fit for another role at NY Creates.

Benefits

Location : 257 Fuller Road, Albany, NY 12203

Salary Range : $120,000 - $160,000

Additional Information :

NOTE : Some positions require access to export-controlled commodities, technical data, technology, software, or restricted programs where U.S. Government authorization may be required.

For positions requiring such access, offers of employment are contingent upon the employer being able to obtain the necessary authorization, including, if required, an export license from the U.S. Department of Commerce's Bureau of Industry and Security, the U.S. Department of State's Directorate of Defense Trade Controls, or other government agencies. The decision to pursue an export license application is at The Research Foundation for SUNY's sole discretion. Proof of status may be required prior to employment in connection with necessary authorizations.

Employment is with the Research Foundation for SUNY. The Research Foundation is an Equal Opportunity Employer, including individuals with disabilities and protected veterans.

In compliance with the Americans with Disabilities Act (ADA), if you have a disability and require a reasonable accommodation to apply please call Human Resources at 518-437-8686.

recblid qmmln5mfw8nma1xvxbthb3gbbv6dxr

PDN-a089dc32-2b2b-4cfe-84c2-801e23ecf684