GRC Consultant
United States - Remote
Full Time Mid-level / Intermediate Clearance required USD 35K - 65K *
BlueVoyant
Location: Remote in the United States East Coast preferred
US Citizenship Required
The Position:
The GRC Consultant works with Conquest clients and internal organization stakeholders to assess and prioritizes information security and cybersecurity risk across client organizations. The GRC Consultant will be an integral resource to the internal organization to ensure systems are designed and managed in accordance with customer regulatory requirements. This individual will serve as the subject matter expert for all compliance matters for Conquest clients, guiding them on managing their organization securely, up to and including regulatory audits.
Responsibilities:
- Conduct comprehensive assessments of clients' current security posture and compliance status in accordance with governing regulatory standards.
- Provide expert guidance and recommendations on implementing technical, administrative, and operational controls to address regulatory security requirements effectively.
- Collaborate with clients and other members of the organization to develop tailored strategies and roadmaps for achieving and maintaining compliance with regulatory requirements.
- Consult on architectural design to ensure alignment with security best practices and regulatory requirements.
- Provide guidance on the creation and development of key security documentation.
- Assist in preparation and execution of regular audits and assessments to evaluate the effectiveness of implemented controls and identify areas for improvement.
- Serve as a subject matter expert on compliance activities during client engagements, providing guidance and support to key stakeholders.
- Stay informed about emerging trends, best practices, and regulatory changes related to NIST 800-171 and other relevant frameworks.
- Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
- Provide feedback to the client delivery organization to continually improve the client experience.
- Strong verbal and written communication skills are essential for effectively communicating complex technical concepts to non-technical stakeholders. GRC consultants often need to interact with various departments within an organization, including executives, IT teams, legal, and compliance officers.
- Experience in developing, implementing, and managing compliance programs tailored to specific regulatory requirements. This includes establishing policies, procedures, and controls to ensure adherence to applicable laws and standards.
- Familiarity with IT systems, networks, and security technologies to assess technical controls and recommend security measures to protect against cyber threats. This includes understanding encryption, access controls, intrusion detection/prevention systems, etc.
- The skill to build and maintain strong relationships with clients, earning their trust and confidence through professional conduct and delivering value-added services.
- The capacity to adjust and thrive in dynamic environments with evolving regulatory requirements, organizational changes, and emerging risks.
- Ability to analyze complex issues, evaluate multiple factors, and develop practical solutions to address compliance and risk management challenges.
- The aptitude to pay close attention to details and ensure accuracy in compliance assessments, documentation, and reporting.
- Ability to manage multiple projects with changing/shifting/dynamic priorities
- Demonstrated integrity, professionalism, and commitment to ethical conduct.
- Bachelor's Degree in Information Systems, Information Security, Accounting or related field or an equivalent combination of education and experience
- Working knowledge of NIST 800-171 standards. Experience in related compliance frameworks including CMMC, DFARS 7812, NIST 800-53, ISO 27001, SOC 2/TYPE2, PUB 4812, HIPAA, and PCI is a plus.
- Technology or operational risk management related experience performing risk management and analysis related activities
- Experience with risk management frameworks such as the Cybersecurity Management Framework (CSF)
- Any of the following professional certifications: CISM, GRCP, CRISC, CISSP, CMMC RP
- Security Clearance
At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!
Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.
Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America.
All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
Disclaimer: Please note that pursuant to contractual requirements and applicable law, in order for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status. Furthermore, individuals may be subject to additional background checks and fingerprinting.
BlueVoyant Candidate Privacy Notice
To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Audits CISM CISSP Clearance CMMC Compliance CRISC DFARS Encryption HIPAA Intrusion detection ISO 27001 NIST NIST 800-53 Privacy Risk management Security Clearance SOC SOC 2
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs