Who We Are

• Harte Hanks (NASDAQ: HHS) is a leading global customer experience company whose mission is to partner with clients to provide them with CX strategy, data-driven analytics and actionable insights combined with seamless program execution to better understand, attract, and engage their customers. Using its unparalleled resources and award-winning talent in the areas of Customer Care, Fulfillment and Logistics, and Marketing Services, Harte Hanks has a proven track record of driving results for some of the world's premier brands.

Position Overview

• The Senior GRC Specialist is responsible for assisting in the development, implementation, and management of the company's Governance, Risk, and Compliance (GRC) framework. This role requires a strategic thinker with in-depth knowledge of regulatory requirements, industry standards, and best practices, ensuring that the organization operates within defined risk tolerances and meets its compliance obligations.

Key Responsibilities:

1. Governance:

• Assist in developing and refining information security policies, procedures, and standards.
• Coordinate with different departments to ensure company-wide adherence to security governance principles.

2. Risk Management:

• Lead risk assessments, identify vulnerabilities, and work with relevant departments to mitigate potential threats.
• Collaborate with stakeholders to ensure that risk management efforts align with the organization's objectives.

3. Compliance:

• Ensure that the organization meets its statutory and regulatory requirements.
• Conduct compliance assessments and audits, coordinating with external auditors when necessary.
• Monitor regulatory landscape for changes that will affect information security policy, standards, and procedures.

4. Training and Awareness:

• Assist in developing and delivering GRC-related training and awareness programs.
• Coordinate with HR and other relevant departments to ensure all employees undergo mandatory training.

5. Incident Management:

• Support the incident response team by providing insights on regulatory implications during breaches or policy violations.
• Document incidents, ensuring they are reported in line with regulatory requirements and company policies.

6. Reporting:

• Prepare regular reports on the status of the GRC program for senior management and external stakeholders.
• Analyze GRC data to provide insights and recommendations.

Requirements

• Bachelor's degree in Business, Law, Information Technology, or a related field. Master’s degree is preferred. Relevant experience can be considered.
• 3-5 years of experience in a GRC role or related.
• Profound knowledge of industry regulations, standards, and frameworks relevant to the business (e.g., GDPR, CCPA, ISO 27001, NIST RMF, CSF, HIPAA, SOC2 Type 2, SOX and PCI-DSS).
• Relevant certifications such as CGRC, CISA, CRISC, CGEIT, or similar.
• Strong analytical, organizational, and communication skills.
• Experience with GRC tools such as UpGuard, OneTrust, ZenGRC, RSA Archer and others a plus.

What We Offer

• Group Health and Wellness (Medical, Dental, and Vision)

• Health Savings Account (HSA)
• Educational Assistance
• Voluntary plans, including critical illness, accident, and hospitalization
• 401k plan with Company Match and Roth contributions | Immediate vesting

Equal Opportunity Employer/M/F/H/V