
IT Governance Risk Compliance Specialist

XTG Careers, Dallas, Texas


Overview

Schedule: Full-time
Career level: Senior-level
Remote: Hybrid remote
Benefits: Health Insurance, Dental Insurance, Vision Insurance

Job Description

The IT Governance, Risk & Compliance (GRC) Specialist is a key member of the IT and security team, responsible for managing, enhancing, and supporting the organization’s governance, risk management, and compliance initiatives. This role ensures continuous readiness for regulatory requirements, internal policies, and industry standards, while partnering with Security Operations and Infrastructure teams to convert expectations into manageable processes. The GRC Specialist assists in audits, risk assessments, compliance documentation, and maintains a strong security and governance posture.

The Exponential Technology Group (XTG) is a specialist in the electronic component distribution and design engineering services industries. XTG is part of the TTI Family of Companies. This can be an on-site/hybrid or remote position, with the ideal candidate located in the DFW market.

ACCOUNTABILITIES:

Governance: Help create, maintain, and promote compliance with IT/security policies mapped to frameworks (NIST 800-171, ISO 27001, CMMC, GDPR, ITIL). Establish control baselines and collaborate with Security Ops for implementation. Run Policy Council cadence with stakeholders.

Risk Management: Establish and maintain IT risk register. Conduct IT risk assessments and support POA&M remediation. Monitor and report on risk posture and compliance gaps. Coordinate business impact analyses aligned with DR/BCP.

Compliance & Audit: Guide CMMC Level 2 program management (gap analysis, POA&M tracking, evidence collection). Maintain DFARS, ITAR, GDPR, and other global regulatory requirements. Orchestrate internal/external audits and remediation. Prepare and maintain audit documentation for internal and external assessments. Maintain centralized evidence repository.

Operational Support: Collaborate on patching, access reviews, and configuration compliance. Assist in business continuity and disaster recovery planning documentation.

Security Alignment: Partner with Security Ops on controls to meet regulatory obligations. Own compliance documentation for incidents and lessons learned.

Third-Party & Supply Chain Risk: Run vendor due diligence and review contract/security clauses. Track service provider controls and exceptions.

Privacy: Coordinate with Legal/HR on privacy impact assessments, data mapping, retention, and transfers. Confirm global privacy alignment in tooling and processes.

Training & Awareness: Create annual compliance training and maintain records. Provide targeted sessions for admins on evidence quality and audit readiness.

Reporting: Generate compliance dashboards and risk reports for leadership review. Deliver monthly compliance and risk dashboards. Provide quarterly briefings to leadership.

EDUCATION & EXPERIENCE:

Bachelor’s degree in Information Technology, Cybersecurity, or related field (or equivalent experience) and four (4) – seven (7) years in security, compliance, audit with three (3) years managing GRC programs.

SKILLS & CERTIFICATION:

  • Hands-on experience with NIST 800-171/CMMC, DFARS, ITAR, GDPR.
  • Knowledge of governance, risk, and compliance frameworks (ISO 27001, NIST, CMMC, GDPR).
  • Familiarity with IT security controls and audit processes.
  • Experience with audits, POA&Ms, evidence repositories.
  • Strong analytical, documentation, and communication skills.
  • Experience with GRC tools (e.g., ServiceNow GRC, Archer) is a plus.
  • Strong understanding of security operations.
  • Preferred Qualifications:
    • CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CMMC RP/CP.
    • CompTIA Security+ (for security knowledge).
    • DoD/government contractor experience.
    • Exposure to Berkshire Hathaway audit practices.
  • Tools & Stack Exposure:
    • GRC/IRM platforms
    • Microsoft 365 Defender, Sentinel, Entra ID
    • Jira/ServiceNow
    • SharePoint, vulnerability scanners, backup/DR tools

What we offer our team members:

  • A great benefits package that includes (but is not limited to): Medical/Dental/Vision, 401(k)/Roth plan with matching, Healthcare Savings Accounts, Educational Assistance (Tuition Reimbursement).
  • Ongoing training throughout your employment with opportunities to participate in professional and personal development programs.
  • A strong focus on giving back to our communities through philanthropic opportunities.
  • Great culture and opportunities for growth and advancement.

This is a summary of the primary accountabilities and requirements for this position. The company reserves the right to modify or amend accountabilities and requirements at any time at its sole discretion based on business needs. Any part of this job description is subject to possible modification to reasonably accommodate individuals with disabilities.

This position requires use of information or access to hardware which is subject to the International Traffic in Arms Regulations (ITAR). To perform the position, you must be a U.S. Person as defined by ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e. ‘Green Card Holder’), Political Asylee, or Refugee.

Visa sponsorship is not available for this role.  Only candidates authorized to work in the United States will be considered. 

Exponential Technology Group, Inc. (XTG) is an Equal Opportunity Employer, and we support protected veterans and individuals with disability through our affirmative action program. XTG is a subsidiary of TTI, a wholly owned subsidiary of Berkshire Hathaway Inc.


FAQs About IT Governance Risk Compliance Specialist Jobs at XTG Careers

What is the work location for this position at XTG Careers?
This job at XTG Careers is located in Dallas, Texas, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.

What pay range can candidates expect for this role at XTG Careers?
The employer has not shared pay details for this role.

What employment type applies to this position at XTG Careers?
XTG Careers lists this role as a Full-time position.

What experience level is required for this role at XTG Careers?
XTG Careers is looking for a candidate with a "Senior-level" experience level.

What benefits are offered by XTG Careers for this role?
XTG Careers offers the following benefits for this position: Health Insurance, Dental Insurance, Vision Insurance, 401k Matching/Retirement Savings, and Tuition/Education Assistance. Actual benefits may vary depending on the employer's policies and employment terms.