Bold Penguin

Senior Governance, Risk, & Compliance (GRC) Specialist

Posted 5 Hours Ago
Remote
Hybrid
Hiring Remotely in Dublin, OH
Senior level
As a GRC Specialist, you will lead GRC initiatives, manage audits, and collaborate with teams to maintain compliance and security.
The summary above was generated by AI

Description
YOUR ROLE
As a Governance, Risk, & Compliance (GRC) Specialist, you will support and eventually lead our Governance, Risk, and Compliance (GRC) program. You will ensure our security practices meet industry standards, manage audits, and collaborate with teams to maintain compliance.
WHAT YOU'LL DO

  • Assist in developing, updating, and maintaining security policies, risk assessments, and compliance documentation to support GRC activities.
  • Lead the planning, execution, and follow-up of SOC 2 Type 2 audits, including evidence collection and coordination with external auditors.
  • Expand the SOC 2 audit scope to incorporate additional business units and integrate privacy controls into the Trust Services Criteria.
  • Leverage tools to automate compliance controls and monitor systems for continuous audit readiness.
  • Conduct third-party vendor risk assessments and collaborate with teams to mitigate identified risks.
  • Perform regular user access reviews for AWS and other critical systems to enforce least privilege and ensure security.
  • Respond to security questionnaires and provide compliance documentation to clients, partners, and auditors.
  • Partner with engineering, product, and legal teams to integrate compliance requirements into product development and business processes.
  • Monitor regulatory developments and adjust the compliance program to maintain alignment with industry standards.
  • Support the development and delivery of compliance training and awareness programs for internal teams.
  • Other duties and responsibilities as assigned.


Requirements
Flexible Workplace
This role is a flex office/home role and comes with the expectation you will engage onsite a certain number of working days per month, in our brand-new office located in Dublin, Ohio, with your Bold Penguin colleagues and customers. On-site workdays will be managed at the team level to maintain an environment focused on work-life balance, innovation velocity, and the delivery of exceptional customer experiences.
In this role, you will be expected to work 20% of working days per month (4 days per month on average) in the office. This is a minimum expectation. All employees are welcome to work in the office as much as they like. Applicants must be local (within 35 miles) to Dublin, Ohio.
Skills & Experience

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or relevant work experience.
  • 5+ years of relevant work experience with 2+ years of experience in security, compliance, or risk management, preferably in tech or startups.
  • Knowledge of SOC 2 Type 2 audits, compliance frameworks, and privacy regulations.
  • Strong communication, organizational, and detail-oriented skills.
  • Ability to adapt and learn quickly in a fast-paced environment.
  • Proficiency with compliance tools (e.g., Drata) and cloud platforms (e.g., AWS).
  • Preferred, but not required: Certifications such as CISA, CRISC, or CIPP/US.


Physical Requirements

  • Must be able to sit/stand/walk for prolonged periods of time (up to 8 hours per day) at a desk working on a computer.
  • Must be able to use standard office equipment for extended periods of time, including, but not limited to, a mouse, keyboard, phone, and video conferencing.


Summary
Bold Penguin is a leading integrated digital solution platform dedicated to simplifying small commercial insurance. Our technology makes the quote and bind process quick, effortless, and profitable for all parties - agents, brokers, and carriers. Bold Penguin's innovative product suite has digitized and transformed a slow, manual process resulting in reduced costs, increased efficiency, and better overall outcomes. For more information, please visit www.boldpenguin.com.
Or, simply put.... We simplify commercial insurance.
Benefits
We offer competitive compensation and progressive benefits that include:

  • Medical, Dental, and Vision
  • Flexible PTO Policy
  • 401(k) with a company match
  • Employee Assistance Program
  • Parental Leave
  • Disability and Life Benefits


Stay connected to the Glacier. We have great SLACK channels for work and play. We also like to video conference and hold all-hands "Waddles" regularly.
Penguin bling. Like swag themed after a certain Antarctic bird? Just. You. Wait.
Bold Penguin believes in inclusion. That's why we're proud to be an equal opportunity employer that considers all qualified applicants regardless of race, color, religion, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. To learn more about our results-focused culture and employee-focused perks, read more on our careers page.

Top Skills

AWS
Compliance Tools
Drata


