Senior GRC Consultant
Our client is fundamentally different from most Cybersecurity providers. They address clients’ risk from a business strategy first and cyber-technologies second. This methodology ensures their clients’ technical and non-technical leadership can make unbiased strategic decisions that positively impact the entire organization.
As one of the few solely dedicated full-service Cybersecurity and Governance, Risk & Compliance (GRC) firms, our client provides companies with a single trusted source for all cybersecurity and compliance products, solutions, and managed services. Regulatory Compliance and Cybersecurity is not a part of what they do. It is their sole focus.
Requirements and Expectations:
3+ years’ client-facing experience with the following:
- Perform and manage assessments against information security frameworks.
- Be an expert in two or more assessment types, including but not limited to: ISO 27000 series, HIPAA and HITRUST, NIST, SOC2, Privacy.
- Perform and manage assessments including but not limited to: sampling, risk management, maturity scoring and strategic/tactical scoring.
- Perform and manage assessments including planning, scheduling, interviews, observations, technical testing, site visits, documentation review, reporting and quality assurance.
- Handle all aspects of engagement work in an expert manner, including: time management, issue management, organization and proactive communication.
- Perform technical validation activities in an expert manner in accordance with information security frameworks, covering areas including but not limited to: routers, firewalls, wireless devices, and IDS/IPS configurations; network architecture designs; log data and SIEM configuration; anti-virus implementations; server and workstation configurations; encryption solutions and key management; database schema and table design; access control systems and user accounts; FIM; and vulnerability management and penetration testing results.
- Develop and/or review policies, standards, processes and procedures.
- Assist with the development and training of Associate Consultants and Security Consultants.
- Provide ideas and solutions for the improvement of programs, methodologies, processes and procedures.