GRC Implementation Consultant - OneTrust

The IT/OT GRC Solution Engineer will serve as the technical owner and system administrator for the organization's Governance, Risk, and Compliance (GRC) platforms - including OneTrust.  This role is responsible for the configuration, integration, and lifecycle management of these systems, ensuring they effectively support IT General Controls (ITGCs), Data Privacy, Cookie Compliance, IT Risk Management. 

Responsibilities

Develops and Maintains:

• GRC system configurations, data models, and workflow designs to support evolving compliance and risk processes.
• API integrations between OneTrust and (e.g., identity management, ServiceNow CMDB, and ticketing tools).
• Dashboards, reports, and analytics to deliver real-time insights into control health, risk exposure, and remediation progress.
• Document system configurations, data flows, and integration logic for audit and change tracking purposes.

Governs:

• Govern the intake of platform releases by reviewing vendor release notes, solution and process impacts, coordinating change activities, and communicating applicable enhancements to end users in accordance with IT change and release management practices.

Coordinates:

• Act as the primary liaison between IT, GRC program owners, internal audit, and vendors for issue resolution, release scheduling, and platform enhancements.
• Coordinate bug triage, feature requests, and enhancement prioritization with system vendors and internal stakeholders.
• Partner with cybersecurity, COE, Audit, IT operations, and OT teams to ensure GRC systems align with broader governance and risk strategies.
• Support end users by managing system access requests, permissions, and troubleshooting assistance.
• Support existing solutions such as cookie compliance, data privacy solutions (DPIA, PIA, DSAR, ROPA, etc), exception requests, OT controls. 

Assesses/Monitors:

• System performance, integration reliability, and data accuracy, identifying opportunities for optimization.
• Assess automation and workflow effectiveness, recommending configuration or process improvements.
• Plus reports on enhancement and defect resolution metrics, ensuring timely execution and documentation.
• Evaluate new GRC capabilities or vendor releases to determine alignment with business needs and technology roadmap.

Skills & Competencies

• Experience supporting or engineering GRC platforms - OneTrust.
• Strong hands-on experience with system configuration, user administration, data management, and workflow customization.
• Experience in API development and integration.
  • Must be able to develop with FreeMarker (FTL) - Used by OneTrust-native Logic
  • Preferred additional know of RESTful APIs for API communications, JavaScript  for middleware/webhooks, Python/PowerShell for automation & orchestration and Json for data formatting.
• Solid understanding of IT service management processes-change, release, incident, and configuration management (aligned with ITIL).
• Working knowledge of governance frameworks (NIST CSF, COBIT 2019, ISO 27001), and data privacy, and GRC best practices.
• Strong analytical skills, including proficiency with reporting and visualization tools (e.g., Power BI, Tableau).
• Excellent documentation, troubleshooting, and cross-team communication skills.
• Achieve:
  • Maintain stable, secure, and high-performing GRC platforms that support compliance, audit, and cybersecurity needs
  • Streamline ITGC, Risk, and Issues automation and workflow integration.
  • Deliver faster, more reliable platform enhancements and data-driven insights for decision-making.
  • Strengthen governance maturity across IT and OT through scalable, well-managed GRC technology solutions.

Capabilities

ServiceNow CMDB - OneTrust Integration

• ServiceNow APM Record creates/updates OneTrust Inventory Assets
• Asset record creation/update triggers ITRM Risk Assessment 
• ITRM Risk Assessment triggers 
  • Control Templates 
  • Control Profiles (internal integration supporting the timing for these to run).
  • Updates to Risk
  • Updates to Asset record custom attributes
• Control Templates trigger:
  • Control Implementations
  • Evidence Collection
  • Issues - Remediation Plans/Exceptions
  • Risk scoring
  • Updates to Asset Record custom attributes
  • ServiceNow Tickets 
• Custom Dashboard
• API integrations between OneTrust and (e.g., identity management, ServiceNow CMDB, and ticketing tools).

Modules

Risk Management

• Setup
  • Categories
  • Workflows
  • Templates
  • Automation Rules
  • Control Profiles
  • Attribute Manager
• Standards and Frameworks
  • Custom Frameworks
• Libraries 
  • Control library
  • Evidence Task Library
  • Risk Library 
• Inventory
  • Assets
• Assessments
  • ITRM and Control
• Controls
• Evidence Tasks
• Issues Register
• Risk Hierarchy List

Access Management

• Custom Roles
• Custom Org Structure

Insights Dashboard

• Risk
• Issues
• Assets
• Controls