Middle Cybersecurity Specialist / GRC Specialist (hourly-based)
We are looking for a Middle Cybersecurity Specialist / GRC Specialist to join our team in developing a product for our client based in the USA and Canada. Our client is a globally recognized SaaS company operating in the healthcare domain and dedicated to improving hearing care worldwide. Their platform is used by independent hearing care practices and major retailers across 13 countries.
Required experience in the following areas:
- Third-party risk management and vendor assessment programs
- Review and analysis of compliance certifications and audit reports, including SOC 1, SOC 2, ISO 27001, ISO 27701, HIPAA, GDPR, PCI-DSS, and similar frameworks
- Understanding of Governance, Risk, and Compliance (GRC) principles and controls
- Ability to assess vendor responses, identify control gaps, and document risks and observations
- Familiarity with information security, privacy, and regulatory requirements applicable to SaaS and healthcare environments
- Strong written communication skills and experience producing professional assessment reports and risk summaries
- Experience working with risk registers, remediation tracking, and vendor due diligence processes
The expected scope of work would include:
- Reviewing vendor-provided security and compliance documentation
- Evaluating certifications, audit reports, questionnaires, and supporting evidence
- Completing our standardized vendor assessment template
- Documenting findings, observations, risks, and recommendations
- Escalating complex or high-risk findings for internal review where required
- Maintaining assessment records and supporting documentation within our document reporting system
We offer friendly working conditions with competitive compensation and benefits, including:
- Comfortable working environment
- Friendly team and management
- Free English classes
- Flexible working hours
- Corporate and team building events