GRC ServiceNow Implementation Lead

Job Title: Information Security Consultant

Duration: 12+ Months Contract

Location: 100% Remote

Important Notes from client

Integrating ServiceNow and GRC (Gov Risk and Compliance

System has been built.

Knowledge of ServiceNow is more important than GRC but both are required

Within the IRM module of ServiceNow the key piece is Risk and then Policy

Need to have a blended skill set of business and some technical configuration

The role is more process and data related than configuration but there is some configuration as

well

No certs are needed. If you do have cert's the best would be CISA or C-risk

Any ServiceNow training would be good to have

Qualifications:

The ideal candidate should have 3–5 or more years of hands-on experience implementing ServiceNow Integrated Risk Management (IRM) and TPRM solutions, with direct exposure to Risk

Management, Policy and Compliance, Issue Management, and Third-Party Risk Management (TPRM) capabilities.

They should have broader Governance, Risk, and Compliance (GRC) experience in areas such as cyber risk, regulatory compliance, audit, or third-party risk, with a strong understanding of frameworks such as NIST, ISO 27001, SOC, and SOX, as well as familiarity with first-, second-, and third-line operating models.

The candidate must demonstrate the ability to translate business and regulatory requirements into scalable system configurations—for example, converting policy requirements into control logic, risk appetite into scoring models, and regulatory expectations into workflows.

Strong functional implementation experience is required, including leading design workshops, advising on out-of-the-box versus customized solutions, supporting user acceptance testing, and triaging configuration issues.

They should also possess solid knowledge of the ServiceNow platform, including data models, workflows, reporting, and access controls, and be comfortable documenting design decisions and operating procedures while communicating effectively with cross-functional stakeholders across GRC, IT, audit, and vendor management teams.

Responsibilities:

This individual will serve as GRC ServiceNow Implementation Lead for the implementation/execution of Snow IRM and TPRM modules used by the cyber GRC teams.

They will be responsible for working with GRC and other internal teams (and the implementation partner) to provide input into functional design, configuration, and rollout of ServiceNow

Integrated Risk Management and Third-Party Risk Management capabilities in alignment with

enterprise GRC processes and objectives.

The role leads the translation of business requirements into scalable platform configurations by converting policies into control logic, risk appetite into scoring models, and regulatory requirements into workflow-driven processes.

They support end-to-end implementation activities, including configuring risk frameworks, control structures, third-party lifecycles, and issue management processes, while overseeing workflow design, approvals, routing, and reporting capabilities.

The role also contributes to testing and validation efforts by supporting user acceptance testing, identifying and triaging configuration issues, and ensuring quality and consistency across modules.

Additionally, the individual may document design decisions, configuration rationale, and operating procedures to support long-term sustainability and audit readiness, while serving as a key liaison across cyber risk, compliance, audit, and technology teams to ensure cohesive delivery of IRM and TPRM capabilities.