GRC Consultant

GRC Consultant
Location: Remote in the United States East Coast preferred
US Citizenship Required

The Position:

The GRC Consultant works with Conquest clients and internal organization stakeholders to assess and prioritizes information security and cybersecurity risk across client organizations. The GRC Consultant will be an integral resource to the internal organization to ensure systems are designed and managed in accordance with customer regulatory requirements. This individual will serve as the subject matter expert for all compliance matters for Conquest clients, guiding them on managing their organization securely, up to and including regulatory audits. 

Responsibilities:

• Conduct comprehensive assessments of clients' current security posture and compliance status in accordance with governing regulatory standards.
• Provide expert guidance and recommendations on implementing technical, administrative, and operational controls to address regulatory security requirements effectively.
• Collaborate with clients and other members of the organization to develop tailored strategies and roadmaps for achieving and maintaining compliance with regulatory requirements.
• Consult on architectural design to ensure alignment with security best practices and regulatory requirements. 
• Provide guidance on the creation and development of key security documentation. 
• Assist in preparation and execution of regular audits and assessments to evaluate the effectiveness of implemented controls and identify areas for improvement.
• Serve as a subject matter expert on compliance activities during client engagements, providing guidance and support to key stakeholders.
• Stay informed about emerging trends, best practices, and regulatory changes related to NIST 800-171 and other relevant frameworks.
• Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
• Provide feedback to the client delivery organization to continually improve the client experience.  

Requirements:

• Strong verbal and written communication skills are essential for effectively communicating complex technical concepts to non-technical stakeholders. GRC consultants often need to interact with various departments within an organization, including executives, IT teams, legal, and compliance officers.
• Experience in developing, implementing, and managing compliance programs tailored to specific regulatory requirements. This includes establishing policies, procedures, and controls to ensure adherence to applicable laws and standards.
• Familiarity with IT systems, networks, and security technologies to assess technical controls and recommend security measures to protect against cyber threats. This includes understanding encryption, access controls, intrusion detection/prevention systems, etc.
• The skill to build and maintain strong relationships with clients, earning their trust and confidence through professional conduct and delivering value-added services. 
• The capacity to adjust and thrive in dynamic environments with evolving regulatory requirements, organizational changes, and emerging risks.
• Ability to analyze complex issues, evaluate multiple factors, and develop practical solutions to address compliance and risk management challenges. 
• The aptitude to pay close attention to details and ensure accuracy in compliance assessments, documentation, and reporting. 
• Ability to manage multiple projects with changing/shifting/dynamic priorities
• Demonstrated integrity, professionalism, and commitment to ethical conduct.

Qualifications:

• Bachelor's Degree in Information Systems, Information Security, Accounting or related field or an equivalent combination of education and experience
• Working knowledge of NIST 800-171 standards. Experience in related compliance frameworks including CMMC, DFARS 7812, NIST 800-53, ISO 27001, SOC 2/TYPE2, PUB 4812, HIPAA, and PCI is a plus.
• Technology or operational risk management related experience performing risk management and analysis related activities
• Experience with risk management frameworks such as the Cybersecurity Management Framework (CSF)

Preferred Competencies:

• Any of the following professional certifications: CISM, GRCP, CRISC, CISSP, CMMC RP
• Security Clearance

About BlueVoyant

At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics, and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO, Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America.

All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Disclaimer: Please note that pursuant to contractual requirements and applicable law, in order for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status. Furthermore, individuals may be subject to additional background checks and fingerprinting.

BlueVoyant Candidate Privacy Notice

To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice