Fast Facts

The GRC Audit & Compliance Specialist will ensure compliance with internal policies and external regulations, conducting audits to enhance security and efficiency of information systems at Stride, Inc.

Responsibilities: Key responsibilities include performing compliance audits, evaluating internal controls, collaborating with audit teams, and providing training on IT compliance awareness.

Skills: Required skills include expertise in risk assessments, knowledge of information security standards and frameworks, excellent communication abilities, and project management skills.

Qualifications: Bachelor’s degree in a relevant field and a minimum of five years of experience in IT Security, Audit, or Governance and Compliance are required; relevant certifications are preferred.

Location: This position is remote based in Virginia, USA, with no specified travel requirements.

Compensation: $66519 - $126000 / Annually

Job Description

SUMMARY: The GRC Audit & Compliance Specialist is dedicated to safeguarding Stride’s information systems, IT assets, and intellectual property from cyber threats, unauthorized modifications, disclosures, or destruction. The Specialist will ensure adherence to internal policies and external regulations by continuously monitoring compliance. Performing thorough compliance audits and reporting findings to identify areas for improvement. Evaluate the effectiveness of internal controls and recommend enhancements to boost security and efficiency. The Specialist will assist in the preparation for, and facilitation of assessments and examinations conducted by qualified assessors.

Essential Functions:  Reasonable accommodations may be made to enable individuals with disabilities to perform essential duties.

• Demonstrate experience with risk assessments in conjunction with major regulatory initiatives (e.g., SOX, PCI-DSS, HIPAA, FedRAMP).
• Demonstrate experience with cyber security and information security program management, frameworks, and methodologies (e.g., NIST CSF, ISO/IEC 27000, COBIT, etc.).
• Comprehensively understand and maintain knowledge of applicable standards, requirements, and their application to the enterprise environment in cooperation with operational area SMEs.
• Provide subject matter expertise in the creation, implementation, maintenance of programs, policies, and procedures to be compliant with applicable technology-related regulations.
• Comprehensively perform and monitor IT compliance activities including data collection, analysis, and remediation, working with internal and external audit teams as required.
• Support management in the design and operating efficiency testing of the IT department's control activity processes.
• Review audit assessments conducted by both internal and external audit teams.
• Collaborate with both internal and external audit teams.
• Coordinate external audit request responses and requests
• Provide relevant awareness training to control owners.
• Drive effective collaboration across all lines of business and provide relevant awareness training to control owners on IT compliance awareness.
• Drive continuous quality improvement.

Supervisory Responsibilities: This position has no formal supervisory responsibilities.

Minimum Required Qualifications:  

• Bachelor’s degree in Computer Science, Information Systems, Information Security & Assurance, Information Technology, Audit, or related field required AND
• Five (5) years of experience in IT Security, IT Audit, IT Governance, Risk, & Compliance
• Equivalent combination of education and experience, including prior relevant military service experience.

Certificates and Licenses: None required.

OTHER REQUIRED QUALIFICATIONS: 

• Demonstratable understanding of security controls and risk assessment tools.
• Demonstratable understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management.
• Demonstratable understanding of risk-based decision-making.
• Demonstratable understanding of leading-edge governance-enabling technologies.
• Ability to develop relationships across functions and inspire trust and confidence through effective communication and interpersonal skills.
• Experience managing cybersecurity controls based on a thorough understanding of industry standards and regulations to protect the company from external and internal threats.
• Excellent communication and presentation skills (verbal and written).
• Project management planning and organization skills.
• Ability to identify, document, and communicate information security issues to business and information owners.
• Ability to maintain the confidentiality of sensitive information.
• Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.); Web proficiency.
• Ability to clear required background checks.

Desired Qualifications: 

• CISA, CRISC, CISM, SANS, or other relevant information security certifications
• Knowledge of relevant standards such as ISO/IEC 27000 family - Information Security Management Systems, NIST Cybersecurity Framework, NIST 800, and applicable laws related to regulatory compliance, information security, and privacy (e.g., SOX, HIPAA, GDPR, PCI-DSS)
• Experience with developing and maintaining information security policies and standards-aligned to regulatory or other control frameworks such as NIST, SOX, HIPAA, FERPA, etc.
• Prior experience in the Education industry is a plus.
• Knowledge and understanding of information technology and networking concepts.

Work Environment: The work environment characteristics described here represent those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

• This is an office- or home-based position. The noise level in the office is usually moderate (computers, printers, light foot traffic).  

Compensation & Benefits: Stride, Inc. considers a person’s education, experience, and qualifications, as well as the position’s work location, expected quality and quantity of work, required travel (if any), external market and internal value when determining a new employee’s salary level. Salaries will differ based on these factors, the position’s level and expected contribution, and the employee’s benefits elections. Offers will typically be in the bottom half of the range.

We anticipate the salary range to be $66,519.75 to $126,000.00. Eligible employees may receive a bonus. This salary is not guaranteed, as an individual’s compensation can vary based on several factors. These factors include, but are not limited to, geographic location, experience, training, education, and local market conditions. Stride offers a robust benefits package for eligible employees that can include health benefits, retirement contributions, and paid time off. 

Job Type

Regular

The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor. All employment is “at-will” as governed by the law of the state where the employee works. It is further understood that the “at-will” nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer.

If you are a job seeker with a disability and require a reasonable accommodation to apply for one of our jobs, you can request the appropriate accommodation by contacting stridecareers@k12.com.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

Stride, Inc. is an equal opportunity employer. Applicants receive consideration for employment based on merit without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status, or any other basis prohibited by federal, state, or local law. Stride, Inc. complies with all legally required affirmative action obligations. Applicants will not be discriminated against because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.