GRC Consultant (Risk Advisory Consultant) - Mexico (Remote)

at  Echelon Risk Cyber

About us: At Echelon Risk + Cyber we believe in defending the basic human right to security and privacy. We are looking for an exceptional GRC consultant for our growing Risk Advisory Group. This individual will not only work on client projects but will also work on building processes to support Echelon Risk + Cyber’s continued growth. Consultative client work will be performed with clients a wide range of industries, sizes, and compositions. Work will include a variety of engagements, include maturity assessments, incident response planning, and general advisory consulting.
Our next team member will be ready to roll up their sleeves and identify opportunities for our clients and for Echelon internally with unquestioned integrity. This team member will be passionate about cybersecurity and ready to use their knowledge to be an Entrepreneurial Problem Solver and work alongside their Echelon team members to build creative solutions.
At Echelon, we believe learning never stops. You will have the opportunity to engage with systems that are at the cutting edge of technology and team members that will challenge you with meaningful work. We allow our team members to build from the ground up and make an impact across the organization.

YOUR KNOWLEDGE, SKILLS, AND ABILITIES:

• 2-3 years of hands-on experience in Governance, Risk, and Compliance (GRC) consulting, ideally focusing on PCI-DSS, CMMC, and privacy regulations such as GDPR and CCPA.
• Proven experience in incident response planning and preparedness, with a solid understanding of business continuity and disaster recovery concepts.
• Ability to conduct risk assessments, compliance reviews, and readiness evaluations across diverse industries and environments.
• Strong analytical skills with the ability to identify and assess complex risk scenarios and offer practical solutions.
• Familiarity with leading GRC tools and technologies to support compliance and risk management initiatives.
• Excellent communication and presentation skills, capable of articulating technical concepts to technical and non-technical audiences.
• Strong project management skills, including managing multiple engagements and deliverables simultaneously while maintaining high quality and client satisfaction standards.
• Preferred experience working at Big 4, Crowe LLP, Protiviti, or similar consulting environments.

PREFERRED QUALIFICATIONS:

• Already certified in, or currently pursuing, one or more industry-standard certifications.
• Experience with the incident response lifecycle.
• Experience developing project plans and timelines.

• Provide strategic consulting on Governance, Risk, and Compliance (GRC) frameworks, including PCI-DSS, CMMC, and privacy regulations such as GDPR and CCPA.
• Work directly with clients to assess and enhance their cybersecurity posture, particularly in incident response preparedness, business continuity, and disaster recovery planning.
• Support clients in identifying and managing risks, ensuring compliance with regulatory requirements and developing security policies and procedures.
• Assist in conducting risk assessments, gap analyses, and readiness reviews, offering actionable recommendations to meet industry standards.
• Collaborate with internal teams and external stakeholders to deliver high-quality GRC solutions, working on multiple concurrent client engagements.
• Stay current with industry trends, regulatory changes, and security threats to enhance client services and methodologies continuously.
• Contribute to developing incident response plans and tabletop exercises to ensure clients can effectively manage cybersecurity incidents.
• Collaborate with clients and other team members to identify information security risks and provide actionable recommendations and solutions.
• Demonstrate consistency, versatility, and adaptability while managing simultaneous client engagements and priorities and delivering quality results promptly.
• Establish exceptional internal and client relationships using strong written and verbal communication skills.
• Stay current with industry trends, emerging threats, and related laws and regulations within cybersecurity.
• Collaborate with team members to resolve new or complex cybersecurity risks and project challenges.
• Demonstrate thought leadership by creating content for the organization’s website blog and involvement in the cybersecurity community.