GRC Advisory Consultant

Expand the Governance, Risk and Compliance Security Consulting Practice. Successful candidates will provide our clients with guidance pertaining to security and privacy regulatory and industry standard requirements, security risk assessments, and GRC consulting.
Key job responsibilities will include:
• Leading vendor risk management engagements and formalized risk analysis engagements.
• Lead and guide information risk and security discussions with technical and non-technical groups
• Identify enterprise information security and compliance related problems and challenges; research and develop technical solutions to rectify them
• Develop and operationalize enterprise information security programs and related components
• Analyze client security programs for maturity and performance relating to industry accepted best practices.
• Develop recommendations for remediating risk and compliance gaps
• Evaluate information security risk in for business environment controls and industry requirements
• Provide client guidance for information security best practices.
• Follow standard methodologies for evaluating industry security controls based on formulized security frameworks.
• Execute in high demanding, fast paced environments with tight deadlines.
• Draft deliverable documentation to meet client security needs
• Create security roadmaps for client security program development and improvement.
Required Qualifications
• BA/BS in information technology or related field preferred
• 5-7 years of experience in security governance, risk assessments and regulatory/controls experience
• CISM, or CISA certification a plus
• Solid understanding of the evolving security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices
• CISSP certification
• Assess clients against a wide variety of security and compliance frameworks including State based privacy and security regulations, SOX, GDPR, NIST-CSF, ISO/27001/2
• Experience and firm understanding of the development and implementation of information security policies, standards and related procedures for security programs
• Ability to provide risk-based recommendations based upon the size and complexity of the client’s organization
• Strong interpersonal and customer relationship skills
• Strong presentation skills with ability to convey ideas at the C-Level.
• Written communication skills for use in preparing formal documentation including deliverables, Statements of Work, proposals, white papers, and case studies
• Verbal skills that include the ability to clearly articulate thoughts, be persuasive and to deliver presentation and training to all levels of management
• Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action
• Ability to interface with C-levels, as well as tactical implementers
• Strong investigative and analysis skills with the ability to handle confidential information
Additional Qualifications
• Consulting experience is a plus
• Privacy experience a plus
• Understanding of available security tools and technologies
• Experience with Archer, OneTrust, Alyne or similar software