Mid-Level GRC Intelligence Specialist (Contractor)
- Remote
- Palo Alto, California, United States
The GRC Intelligence Specialist will create content to power our AI system. It is a hands-on role, ideal for someone with a solid GRC foundation who wants to gain practical AI and LLM experience.
Job description
About Trustero
Trustero develops innovative AI-driven solutions that automate time-consuming GRC activities such as gap analysis, remediation guidance, questionnaire response, and evidence collection. The company’s technology streamlines how security and risk teams identify compliance gaps, recommend remediations, and maintain continuous readiness. By combining automation and intelligence, Trustero helps organizations save time, reduce costs, and operate their GRC programs more efficiently while staying fully compliant with industry and regulatory standards.
About the Role
As a GRC Intelligence Specialist (Contractor), you’ll create structured GRC content that powers and informs our AI systems. This is a hands-on role focused on producing high-quality, structured GRC content aligned with industry frameworks and audit requirements.
This position reports directly to the Head of GRC and works closely with our Product and Engineering teams. It’s an ideal fit for someone with a solid GRC foundation who wants to gain practical AI and LLM experience in a fast-moving, product-led environment.
Create and refine GRC content (controls, policies, risk statements, validation prompts, control testing procedures) in a standardized format optimized for use within our AI multi-agent system.
Translate complex compliance requirements into clear, structured, machine-readable content that aligns with audit and assurance standards.
Leverage deep knowledge of frameworks such as SOC 2, ISO 27001, ISO 27701, NIST CSF, CIS, and HIPAA to ensure technical accuracy and real-world audit applicability.
Ensure content consistency, clarity, and completeness through internal QA review cycles with the Head of GRC.
Support ongoing development of Trustero’s GRC knowledge base and playbooks for internal product enablement.
Collaborate with Product and Engineering to identify opportunities to improve AI GRC performance and content model behavior.
Job requirements
Education:
Bachelor’s degree in Information Systems, Cybersecurity, or a related field.
Professional certifications (CISA, CISSP, or equivalent) preferred but not required.
Experience:
Minimum 5 years of audit and compliance experience, including audit readiness and testing support.
Prior experience consulting in the InfoSec or GRC space with exposure to 5–10+ clients annually in mid-enterprise or SaaS environments.
Strong understanding of control testing evidence, sampling, and validation methods.
Experience authoring or reviewing compliance documentation such as policies, controls, and risk registers.
Experience deploying, managing, or auditing common regulations and frameworks such as ISO 27001, ISO 42001, SOC 1, SOC 2, HITRUST, HIPAA, NIST CSF, NIST 800-53, NIST 800-171, CMMC, and FedRAMP.
Skills:
Strong attention to structure and detail — able to follow and apply standardized content patterns.
Familiarity with multiple compliance frameworks and their intersections.
Clear written communication and ability to distill complex information into reusable components.
Comfortable working in a fast-paced, collaborative, remote environment.
Characteristics:
Analytical, pragmatic, and curious about AI’s role in modern GRC.
Organized and self-directed, with strong accountability to deliver high-quality work under minimal supervision.
Eager to learn and adapt in a product-led setting where compliance meets automation.
