GRC Senior Consultant - Remote

GRC Senior Consultant

Zaviant, headquartered in Philadelphia, is a boutique consulting firm specializing in Data Security, Privacy, and Third-Party Risk Management. Zaviant helps organizations build effective and sustainable solutions to protect data and comply with complex and evolving regulatory requirements.

Descriptions

The successful candidate is a hard-working, self-motivated, data security professional who can help companies evaluate and enhance their data protection processes according to applicable regulations and best practices.  You will manage and support client initiatives to operationalize data security by effectively collaborating with internal and external stakeholders and implementing new processes, procedures, and technological solutions. You will mentor and share learnings with colleagues to foster a learning culture.

Responsibilities

• Uses risk assessment methodologies to identify residual risk and control strengthening opportunities.
• Assists process owners and control owners identify gaps in control design and control operating effectiveness of IT general controls and related remediation measures.
• Assists in identifying the opportunities for using automated computer assisted audit techniques as necessary to reduce resource impact.
• Maintains an awareness of existing and proposed security-setting groups, State and Federal legislation, and regulations pertaining to information security and identifies regulatory changes that will affect information security policy, standards, procedures, controls, and recommended appropriate changes.
• Help clients address security-related controls risks and issues
• Proactively interact with clients to gather information, resolve problems, and make recommendations for improvements
• Collaborate with team members at all levels in the development and marketing of the data security solution offering
• Execute security assessments and audits against various frameworks
• Work with various partners and technology vendors to develop joint solutions
• Support multiple engagements in a rapidly growing, fast-paced, interactive, results-based small team environment

Qualifications

• Bachelor’s Degree in Information Systems, Computer Science, or a related discipline and
• 5-8 years of experience focused on information systems and security audit, consulting, or an equivalent breadth of experience in information security, systems, and network technology.
• Preferred certifications obtained or being pursued: Security+, Certified Information Systems Auditor (CISA), Certified in Risk and Information System Controls (CRISC), Certified Information Security Professional (CISSP).
• Competency in the areas of IT general computer controls specifically in information security, logical access, physical security, change management, application controls, interfaces, backup and recovery, and computer operations.
• Working knowledge of IT auditing and compliance practices.
• Able to independently evaluate the effectiveness of security controls.
• Experience leading a team of cyber security professionals.
• Working knowledge of the NIST Cyber Security Framework, additionally, knowledge of PCI and Data Privacy & Protection regulations desired - GDPR, CCPA, HIPAA, SOC 1, SOC 2.
• Big 4 public accounting or consulting experience is a plus.
•  

Skills and Abilities

• Excellent communication and presentation skills.
• Strong process documentation and reporting capabilities.
• Self-motivated and self-directed.
• Cross-functional solid team leader and collaborative approach to problem-solving.
• General knowledge of Governance, Risk, Compliance (GRC) tool sets.

Additional Requirements

• The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.

Benefits

• Competitive salary and bonuses
• Medical/Dental/Vision benefits

• Excellent 401K employer match