GRC Consultant

at  BlueVoyant

THE POSITION:

The GRC Consultant works with Conquest clients and internal organization stakeholders to assess and prioritizes information security and cybersecurity risk across client organizations. The GRC Consultant will be an integral resource to the internal organization to ensure systems are designed and managed in accordance with customer regulatory requirements. This individual will serve as the subject matter expert for all compliance matters for Conquest clients, guiding them on managing their organization securely, up to and including regulatory audits.

Responsibilities:

• Conduct comprehensive assessments of clients’ current security posture and compliance status in accordance with governing regulatory standards.
• Provide expert guidance and recommendations on implementing technical, administrative, and operational controls to address regulatory security requirements effectively.
• Collaborate with clients and other members of the organization to develop tailored strategies and roadmaps for achieving and maintaining compliance with regulatory requirements.
• Consult on architectural design to ensure alignment with security best practices and regulatory requirements.
• Provide guidance on the creation and development of key security documentation.
• Assist in preparation and execution of regular audits and assessments to evaluate the effectiveness of implemented controls and identify areas for improvement.
• Serve as a subject matter expert on compliance activities during client engagements, providing guidance and support to key stakeholders.
• Stay informed about emerging trends, best practices, and regulatory changes related to NIST 800-171 and other relevant frameworks.
• Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
• Provide feedback to the client delivery organization to continually improve the client experience.

Requirements:

• Strong verbal and written communication skills are essential for effectively communicating complex technical concepts to non-technical stakeholders. GRC consultants often need to interact with various departments within an organization, including executives, IT teams, legal, and compliance officers.
• Experience in developing, implementing, and managing compliance programs tailored to specific regulatory requirements. This includes establishing policies, procedures, and controls to ensure adherence to applicable laws and standards.
• Familiarity with IT systems, networks, and security technologies to assess technical controls and recommend security measures to protect against cyber threats. This includes understanding encryption, access controls, intrusion detection/prevention systems, etc.
• The skill to build and maintain strong relationships with clients, earning their trust and confidence through professional conduct and delivering value-added services.
• The capacity to adjust and thrive in dynamic environments with evolving regulatory requirements, organizational changes, and emerging risks.
• Ability to analyze complex issues, evaluate multiple factors, and develop practical solutions to address compliance and risk management challenges.
• The aptitude to pay close attention to details and ensure accuracy in compliance assessments, documentation, and reporting.
• Ability to manage multiple projects with changing/shifting/dynamic priorities
• Demonstrated integrity, professionalism, and commitment to ethical conduct.

Qualifications:

• Bachelor’s Degree in Information Systems, Information Security, Accounting or related field or an equivalent combination of education and experience
• Working knowledge of NIST 800-171 standards. Experience in related compliance frameworks including CMMC, DFARS 7812, NIST 800-52, ISO 27001, SOC 2/TYPE2, PUB 4812, HIPAA, and PCI is a plus.
• Technology or operational risk management related experience performing risk management and analysis related activities
• Experience with risk management frameworks such as the Cybersecurity Management Framework (CSF)

Preferred Competencies:

• Any of the following professional certifications: CISM, GRCP, CRISC, CISSP, CMMC RP
• Security Clearance

• Conduct comprehensive assessments of clients’ current security posture and compliance status in accordance with governing regulatory standards.
• Provide expert guidance and recommendations on implementing technical, administrative, and operational controls to address regulatory security requirements effectively.
• Collaborate with clients and other members of the organization to develop tailored strategies and roadmaps for achieving and maintaining compliance with regulatory requirements.
• Consult on architectural design to ensure alignment with security best practices and regulatory requirements.
• Provide guidance on the creation and development of key security documentation.
• Assist in preparation and execution of regular audits and assessments to evaluate the effectiveness of implemented controls and identify areas for improvement.
• Serve as a subject matter expert on compliance activities during client engagements, providing guidance and support to key stakeholders.
• Stay informed about emerging trends, best practices, and regulatory changes related to NIST 800-171 and other relevant frameworks.
• Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
• Provide feedback to the client delivery organization to continually improve the client experience