Senior Specialist- Governance, Risk and Compliance

Mark43 is approved to hire in Canada, the UK, and 36 U.S. states, including Alabama, Arizona, California (excluding San Francisco), Colorado, Connecticut, Washington D.C., Florida, Georgia, Iowa, Idaho, Illinois, Indiana, Kansas, Massachusetts, Maryland, Maine, Michigan, Minnesota, Missouri, North Carolina, Nebraska, New Hampshire, New Jersey, New Mexico, New York, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Utah, Virginia, Vermont, Washington, Wisconsin, and West Virginia. Before applying to a remote role, please ensure that you are able to perform the position in one of the states listed above. State locations and specifics are subject to change as our hiring requirements shift.

Applicants must be authorized to work for any employer in the country in which the role is being hired. We are unable to sponsor or take over sponsorship of an employment visa at this time.

Mark43’s mission is to empower communities and their governments with new technologies that improve the safety and quality of life for all. We build powerful, scalable, and elegant software that sets a new standard for the tools upon which our first responders rely. Our users operate in high stakes environments, and we are committed to building secure, resilient systems they can trust. We are equally committed to embracing diversity of thought and experience within our team.

We are looking for a Senior Specialist, Governance, Risk & Compliance to join our team, reporting to our Senior Director of GRC. This UK based role will play a critical part in strengthening and scaling our global compliance programme. You will help maintain ISO 27001 certification, drive HIPAA compliance initiatives, and support the expansion into additional ISO frameworks.

This role requires a deep understanding of governance, risk, and compliance practices within SaaS environments. The ideal candidate is both strategic and hands on, capable of designing and improving robust GRC processes while partnering closely with cross functional stakeholders across the UK and US.

What you can expect to work on

• Develop, implement, and continuously improve security policies, procedures, and standards to ensure compliance with ISO 27001, HIPAA, GDPR, and other applicable frameworks.

• Maintain and enhance our ISO 27001 certification, including control oversight, evidence collection, internal audits, and external audit support.

• Lead HIPAA readiness and compliance initiatives, translating regulatory requirements into practical, scalable controls.

• Support the evaluation and adoption of additional ISO frameworks as the business grows internationally.

• Conduct risk assessments, identify potential risks, and develop mitigation strategies in partnership with Engineering, Product, IT, and Legal teams.

• Manage control maturity initiatives and drive continuous process improvement across GRC activities.

• Respond to security questionnaires, customer due diligence requests, and third party audits with clarity and efficiency.

• Evaluate systems and cloud hosted environments for compliance with published standards, including architecture, monitoring, logging, and security configuration requirements.

• Manage exceptions and track remediation activities related to security controls.

• Deliver training and awareness initiatives that strengthen understanding of security and compliance responsibilities across the organisation.

• Serve as a subject matter expert in Information Security, communicating effectively with both technical and non technical audiences.

• Handle the detailed documentation, follow ups, and coordination that keep a global compliance programme running effectively.

What we expect from you

• Five to eight years of experience in a GRC role within a SaaS or technology environment operating in regulated industries.

• Demonstrated hands on experience maintaining ISO 27001 certification, including ownership of control operation, internal audit coordination, corrective actions, and external audit support.

• Direct experience supporting or leading HIPAA compliance initiatives, including translating regulatory requirements into operational controls and partnering with technical teams to implement safeguards.

• Strong working knowledge of operating within an ISO aligned Information Security Management System, including risk registers, Statements of Applicability, control testing, continuous monitoring, and management review processes.

• Deep understanding of risk management principles and practical experience conducting formal risk assessments.

• Experience working cross functionally with Engineering, IT, Security, Legal, and Operations teams to operationalise controls without creating unnecessary friction.

• Ability to independently facilitate audits, risk assessments, and compliance initiatives, managing timelines, stakeholders, and follow ups with minimal oversight.

• Strong communication skills, with the ability to translate complex regulatory and audit requirements into clear, actionable guidance for both technical and non technical audiences.

• Relevant certifications such as ISO 27001 Lead Auditor, CISA, CISM, CRISC, or similar are a plus.

People who thrive on our team also tend to share the following characteristics: 

• Humble, open, and curious. 

• Attentive, active listeners. You are interested in what others have to say and illustrate your interest with your actions. 

• Resilience. You do not shy away from challenging work, and you proactively help your team solve problems. 

• Enthusiastic collaborators. You understand that the best outcomes are achieved through shared ownership and seek to spread knowledge and expand participation rather than restrict it. 

• Comfortable with uncertainty. You know that sometimes problems and situations can’t be simplified or fully understood and are at ease working within this type of haziness. 

• Passionate about personal growth. You view mistakes as opportunities for learning, and want to grow as a designer, colleague, and person. 

• Eager to help others. You look for ways to provide support for more junior members of the team and develop cooperative working relationships. 

Our Privacy Notice describes how Mark43 uses and protects the personal information of prospective employees during the recruitment process. It informs you about our handling of the personal information you provide to us when you apply for a position in our organization and in general when you express your interest in joining our team.

As a part of Mark43's security measures all employees must: Engage in appropriate use of the company's electronic information resources; Become knowledgeable about and follow relevant security policies and guidelines; Protect the resources under their control, such as passwords, computers, and data that they create, receive, or download; and Promptly report security-related incidents and violations, and responding to official reports of security incidents involving their systems or accounts.

Mark43 is committed to the full inclusion of all qualified individuals. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. As part of this commitment, we will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed, please email [email protected] requesting the accommodation.