Experienced Cybersecurity Governance, Risk & Compliance (GRC) Specialist – Third-Party Risk & Internal Security Programs (Remote, Full-Time / Part-Time)

About arenaflex

At arenaflex, we believe that innovation and trust form the foundation of every meaningful digital experience. As a forward-thinking organization operating at the intersection of creativity, technology, and security, arenaflex is committed to building resilient digital ecosystems where imagination thrives and data remains protected. Our global team of dedicated professionals works collaboratively to design, develop, and safeguard platforms that delight millions of users around the world.

We are currently expanding our cybersecurity division and are seeking a talented, driven, and detail-oriented Governance, Risk, and Compliance (GRC) Specialist to join our remote workforce. This is more than just a job — it is an opportunity to make a measurable impact on how arenaflex protects its data, its partners, and its reputation in an increasingly complex threat landscape.

Position Overview

We are hiring an experienced GRC Professional to guide governance, risk, and compliance activities across the organization. The ideal candidate will bring deep expertise in cyber protection, third-party risk management, and regulatory compliance, and will play a central role in ensuring smooth, day-to-day execution of risk-related operations within our cybersecurity team.

Reporting directly to the Manager of Governance, Risk, and Compliance within the Cyber and Data Security division, you will be responsible for supporting arenaflex's global Third-Party/Internal Threat Management Program. You will manage internal security compliance requirements, contribute to the implementation of regulations, policies, and frameworks, and act as a trusted advisor to business stakeholders across multiple regions.

Why This Role Matters

Third-party relationships are among the most significant sources of cyber risk for any modern organization. As a GRC Specialist at arenaflex, you will be at the forefront of identifying, assessing, and mitigating these risks, helping us maintain the trust of our customers, partners, and regulators. Your work will directly support the integrity of our supply chain, the resilience of our operations, and the strength of our overall security posture.

Key Responsibilities

Third-Party / Internal Threat Management (TPRM) Program

• Support arenaflex's global Third-Party/Internal Risk Management program by conducting thorough cyber risk-related due diligence assessments on vendors, partners, and internal stakeholders.
• Validate all incoming third-party and internal threat assessment requests, working closely with business stakeholders to confirm request details and clearly define engagement scope.
• Facilitate kick-off sessions with internal stakeholders and relevant third parties to initiate Third-Party Assessments (TPAs), ensuring alignment on objectives, timelines, and expectations.
• Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, review submitted responses for completeness, and identify risks arising from the design and operational effectiveness of each party's security controls.
• Document all responses, findings, and remediation plans in arenaflex's centralized GRC systems, ensuring data integrity and traceability.
• Draft and review comprehensive assessment reports, collaborating with business stakeholders to ensure timely finalization of reviews and sign-offs.
• Serve as a strong liaison between business units, third parties, and the risk management team, responding to queries related to the risk control methodology and assessment outcomes.
• Perform continuous monitoring of third-party relationships through arenaflex's TPRM platform, tracking new and existing findings and ensuring remediation activities are driven to closure.
• Identify opportunities for continuous improvement within existing TPRM systems, processes, and methodologies, and recommend enhancements to the Risk Lead or Supervisor.
• Collaborate closely with the Risk Lead and Supervisor to schedule and execute a wide range of supporting activities tied to the broader risk management program.

Governance, Risk, and Compliance

• Lead and support the development of cybersecurity risk and compliance-related strategies that align with arenaflex's overall risk appetite and business objectives.
• Maintain and document compliance with information security policies and processes by planning, testing, remediating, tracking, and reporting on control reviews and risk assessments.
• Lead the development and delivery of compliance and risk training programs, as well as ongoing communications that foster a culture of security awareness and regulatory adherence across the organization.
• Stay current on regulatory changes, emerging standards, new technologies, and internal policy updates, using this knowledge to identify new key risk areas and recommend proactive controls.
• Lead efforts to maintain and continuously improve alignment with the ISO 27001 standard, including preparation for certification audits and ongoing surveillance activities.

Knowledge, Skills, and Competencies

Technical and Professional Competencies

• Outstanding stakeholder management skills with the ability to influence and build trust across functions, levels, and geographies.
• Working knowledge of information security best practices and standards, including ISO 27001/27002, SOC 2, SSAE 16/18, and related frameworks.
• Demonstrated experience in the management of risk, controls, and compliance within complex organizational environments.
• Solid understanding of risk evaluation methodologies, both qualitative and quantitative.
• Strong analytical and problem-solving abilities, with a proven capacity to assess complex scenarios and recommend pragmatic solutions.
• Excellent presentation development and delivery skills, with the ability to communicate technical information clearly to non-technical audiences.

Personal Attributes

• Strong interpersonal skills and a collaborative mindset.
• Ability to thrive in a fast-paced environment and remain flexible with working hours, including occasional support for global teams across time zones.
• Excellent communication abilities, both verbal and written.
• Adaptability to changing conditions and a demonstrated ability to drive high-quality change.

Preferred Education and Experience

• Bachelor's or Master's degree from an accredited university in Information Security, Computer Science, Risk Management, Business Administration, or a related field — or equivalent practical experience.
• A minimum of 4 years of experience in third-party risk management, information security, and audit and compliance tracking, with at least 2–3 years specifically focused on TPRM or internal audit.
• Preferred experience working with a large multinational corporation and/or a Big Four accounting firm.
• One or more of the following professional certifications: CISA, CRISC, ISO 27001 Lead Auditor/Lead Implementer, or CISSP.
• Experience with AI/ML applications in cybersecurity or risk management is considered a strong plus.

What We Offer

• A competitive annual salary of approximately $80,000, commensurate with experience and qualifications.
• Fully remote work arrangements with flexible part-time or full-time scheduling options.
• Comprehensive benefits package, including health, dental, and vision coverage, paid time off, and retirement savings contributions (region-dependent).
• Generous learning and development budget, including support for professional certifications, conferences, and continuing education.
• Access to cutting-edge tools, platforms, and methodologies in cybersecurity and risk management.
• A diverse, inclusive, and supportive team culture that values curiosity, ownership, and continuous improvement.
• Clear pathways for career advancement into senior GRC, risk leadership, or specialized cybersecurity architecture roles.

Work Environment and Culture at arenaflex

arenaflex is more than a workplace — it is a community of passionate professionals who care deeply about the work they do and the impact it creates. Our remote-first culture emphasizes trust, autonomy, and accountability, empowering team members to do their best work from wherever they are. We celebrate diversity in all its forms and are committed to building an inclusive environment where every voice is heard and every contribution is valued.

Our cybersecurity team is known for its collaborative spirit, intellectual curiosity, and unwavering commitment to excellence. We invest heavily in our people because we know that great security outcomes are built by empowered, well-supported professionals.

Application Process

If you are an experienced GRC professional looking to take the next step in your career with an organization that values innovation, integrity, and impact, we encourage you to apply. Please submit your updated resume and a brief cover letter outlining your relevant experience and motivation for joining arenaflex.

Apply Now to Join arenaflex

For additional opportunities, please click here to browse more roles.

Interview Preparation Tips

To help you prepare, here are some common questions you may encounter during the interview process, along with guidance on how to approach them:

• Tell me about yourself. Provide a concise summary of your professional background, focusing on cybersecurity, GRC, and risk management experience.
• Why do you want to work at arenaflex? Reference our values, mission, and reputation. Highlight specific aspects of our work or culture that resonate with you.
• What is your greatest strength? Highlight a relevant strength such as stakeholder management, analytical thinking, or a specific technical skill, supported by a concrete example.
• What is your greatest weakness? Be honest, but emphasize how you are actively working to improve — for example, time management or public speaking.
• Describe a challenging situation you faced at work. Use the STAR method (Situation, Task, Action, Result) to demonstrate your problem-solving abilities.
• Why should we hire you? Summarize your qualifications, experience, and enthusiasm for the role, emphasizing what makes you the best fit.
• Where do you see yourself in five years? Share your career aspirations and how they align with arenaflex's growth trajectory.
• What do you know about our products or services? Research arenaflex and reference specific offerings, explaining how your work would support their success.
• How do you handle working under pressure? Describe your ability to stay calm, prioritize effectively, and communicate clearly in high-pressure situations.
• Tell me about a time you worked on a team. Share a successful team project and emphasize collaboration, communication, and problem-solving.
• What is your preferred work style or environment? Be flexible, but also share what enables you to do your best work.
• Do you have any questions for us? Always come prepared with thoughtful questions about team dynamics, expectations, culture, or upcoming initiatives.

Final Thoughts

At arenaflex, you will not just be joining a company — you will be joining a mission. A mission to protect, to innovate, and to inspire confidence in every interaction. If you are ready to bring your expertise, your curiosity, and your passion for cybersecurity to a team that truly values them, we would love to hear from you. Apply today and take the next step in your career with arenaflex.