CapTech Consulting

GRC Team Lead

CapTech Consulting$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 6+ years in Information Security, Governance/Risk/Compliance, or IT Audit, with leadership experience.
  • Understanding of SOC 2, NIST 800-53, and NIST AI RMF frameworks.
  • Certifications such as ISACA CRISC or CISM required (or to be attained).
  • Ability to communicate technical concepts effectively to non-technical stakeholders.
  • Strong analytical, problem-solving, and decision-making skills.

Responsibilities

  • Lead and develop a GRC analyst, setting team priorities and managing escalations.
  • Execute hands-on assessments, engineering, and analysis while coordinating team operations.
  • Set strategic direction for the GRC program with autonomy to make decisions.
  • Define goals, metrics, and quality standards for the GRC team; participate in performance reviews.
  • Report risk and compliance metrics to executive leadership in business terms.
  • Own and enhance compliance programs for SOC 2, NIST 800-53, and applicable privacy regulations.
  • Manage third-party risk assessments and vendor security evaluations.

Benefits

  • Comprehensive health coverage and generous time off.
  • Learning and Development programs for certifications and skill development.
  • Modern Health platform for mental health and well-being support.
  • Inclusive fertility and family-forming coverage through Carrot Fertility.
  • Flexible benefit stipend program for personalized lifestyle benefits.
  • 401(k) matching with no vesting period to support financial wellness.
Full Job Description
Job Description

The Information Security GRC Team Lead leads CapTech's Governance, Risk, and Compliance (GRC) function, helping set the strategy and owning the execution, and continuous improvement of the programs that keep CapTech and our clients secure and compliant. This is a hands-on leadership role: you will lead and mentor a GRC analyst while remaining personally engaged in the work, running assessments, engineering automation, and setting technical direction.

You will own CapTech's compliance posture across SOC 2, NIST 800-53, and NIST AI RMF, along with applicable privacy regulations; mature our third-party risk management program; modernize the GRC function through automation and GRC engineering; and establish the governance practices that allow CapTech to adopt AI safely. This position reports to the Head of Information Security and operates with a high degree of autonomy to make decisions and set direction with minimal oversight.

Key Responsibilities:

Leadership & Team Management
  • Lead, mentor, and develop a GRC analyst, setting priorities, coaching for growth, and serving as the escalation point for complex risk and compliance matters.
  • Operate as a player-coach: remain hands-on in assessments, engineering, and analysis while coordinating the team's day-to-day execution and quality.
  • Help set the strategic direction and roadmap for the GRC program, driving initiatives to completion and making decisions independently with minimal oversight.
  • Define goals, metrics, and quality standards for the team; provide input into performance reviews and team goals; and participate in hiring, onboarding, and career development.
  • Report on risk and compliance posture to executive leadership, translating technical risk into business terms for non-technical stakeholders.

Governance, Risk & Compliance
  • Own and mature CapTech's compliance programs across SOC 2, NIST 800-53, and NIST AI RMF, ensuring controls are well-designed, operating effectively, and continuously monitored.
  • Extend the compliance program to applicable privacy and regulatory obligations, including HIPAA and GDPR/CCPA, as driven by CapTech's client base.
  • Lead internal control assessments, gap analyses, and audit-readiness activities; manage external audits and coordinate evidence collection end to end.
  • Develop, maintain, and enforce the information security policy suite, partnering with policy owners to keep documentation current and aligned to controls.
  • Identify, assess, and prioritize information security risks; drive remediation to closure against SLAs, negotiating compensating controls with stakeholders where appropriate.

Third-Party Risk Management
  • Own and enhance the Third-Party Risk Management (TPRM) framework, policy, process, and supporting technology in alignment with SOC 2 requirements.
  • Oversee technical risk evaluations and due diligence of third-party vendors, tools, and services, and recommend actions to strengthen vendor security posture.
  • Lead responses to inbound client and partner security questionnaires, and support business development and contract-negotiation teams to ensure security terms align with RFPs and agreed contracts.

GRC Engineering & Automation
  • Own and administer CapTech's GRC / compliance-automation platform, driving continuous control monitoring and automated evidence collection.
  • Design and build workflow automations and integrations across security, IT, and compliance tooling to reduce manual effort, improve data quality, and accelerate audit readiness.
  • Instrument GRC metrics, dashboards, and reporting so that control health and risk posture are continuously visible to stakeholders.

AI Governance & AI-Enabled GRC
  • Establish and run CapTech's AI governance program (covering AI-use policy, model/tool inventory, and risk assessment), aligned to recognized frameworks such as the NIST AI Risk Management Framework and ISO/IEC 42001.
  • Assess and govern the risk of AI tools and AI-enabled vendors, integrating AI risk into the existing TPRM and control frameworks.
  • Leverage AI responsibly to accelerate GRC work, using large language models to draft and maintain policies, cross-walk controls across frameworks, and analyze and respond to security questionnaires.
  • Build AI-enabled automations and agents to streamline GRC tasks such as evidence review, risk triage, and reporting.
  • Serve as a subject-matter advisor on AI risk and secure AI adoption for CapTech.

Security Awareness & Reporting
  • Own the security awareness and training program, including selection, delivery, and new-hire training aligned to company policy.
  • Produce technical and executive-level reporting on the effectiveness of the information security and compliance program.


Qualifications

Basic Qualifications
  • 6+ years of experience in Information Security, Governance/Risk/Compliance, IT Audit, or a related field, including prior experience leading or mentoring team members or driving major security and compliance initiatives.
  • Working understanding of SOC 2, NIST 800-53, and NIST AI RMF or similar frameworks required.
  • One or more of the following certifications, or an agreed certification to be attained within an agreed timeframe: ISACA Certified in Risk and Information Systems Control (CRISC) or ISACA Certified Information Security Manager (CISM).
  • Demonstrated ability to communicate technical risk in non-technical terms to executives and business stakeholders.
  • Strong problem-solving, analytical, and critical-thinking skills, with the proven ability to set direction and make decisions independently.

Preferred Qualifications
  • Additional certifications such as Certified Information Systems Auditor (CISA), Certified in Governance, Risk and Compliance (CGRC), or equivalent risk/audit/compliance credentials.
  • Hands-on experience owning or administering a GRC / compliance-automation platforms
  • Experience automating GRC workflows through scripting or integration tooling (e.g., Python, PowerShell, APIs, or iPaaS / no-code automation platforms).
  • Experience establishing or operating an AI governance program, with familiarity in the NIST AI RMF and ISO/IEC 42001.
  • Experience with privacy and regulatory frameworks such as HIPAA and GDPR/CCPA.
  • Prior experience in a consulting environment or supporting Fortune 100 and other regulated clients.
  • Prior experience with vendor management and third-party risk assessments.
  • Strong knowledge of the Microsoft Office suite of tools.


Additional Information

We want everyone at CapTech to be able to envision a lasting and rewarding career here, which is why we offer a variety of career paths based on your skills and passions. You decide where and how you want to develop, and we help get you there with customizable career progression and a comprehensive benefits package to support you along the way. Alongside our suite of traditional benefits encompassing generous time off, health coverage, disability insurance, paid family leave and more, we've launched extended benefits to help meet our employees' needs.
  • Learning & Development - Programs offering certification and tuition support, digital on-demand learning courses, mentorship, and skill development paths
  • Modern Health -A mental health and well-being platform that provides 1:1 care, group support sessions, and self-serve resources to support employees and their families through life's ups and downs
  • Carrot Fertility -Inclusive fertility and family-forming coverage for all paths to parenthood - including adoption, surrogacy, fertility treatments, pregnancy, and more - and opportunities for employer-sponsored funds to help pay for care
  • Fringe -A company paid stipend program for personalized lifestyle benefits, allowing employees to choose benefits that matter most to them - ranging from vendors like Netflix, Spotify, and GrubHub to services like student loan repayment, travel, fitness, and more
  • Employee Resource Groups - Employee-led committees that embrace and incorporate diversity and inclusion into our day-to-day operations
  • Philanthropic Partnerships - Opportunities to engage in partnerships and pro-bono projects that support our communities.
  • 401(k) Matching - Generous matching and no vesting period to help you continue to build financial wellness

CapTech is committed to providing a flexible work environment and helping our employees achieve a work-life balance that suits their individual needs. Employees must be available to work onsite in a client location or a CapTech office as requested. We allow CapTech employees to work remotely when compatible with CapTech and client needs.

About CapTech Consulting

CapTech is a national IT management consulting firm that partners with some of the world's most successful companies to achieve their strategic and operational objectives. CapTech's services include management consulting, digital transformation, technology strategy, data and analytics, custom application development, and IT transformation. The company was founded in 1997 and is headquartered in Richmond, Virginia. CapTech has offices in several cities across the United States, including Atlanta, Boston, Charlotte, Chicago, Columbus, Denver, Houston, Los Angeles, New York, Philadelphia, and Washington, D.C.
Learn more about CapTech Consulting
Size
1,000 employees
Industry
Founded
1997

Similar Jobs

More Jobs at CapTech Consulting

More Information Technology Jobs

Find similar GRC Team Lead jobs: