Consultant, GRC Services
Thrive · Tampa, FL · 2 wk ago
ConsultingFull-time
Responsibilities
- Participates in day-to-day operations and client engagement activities across various client projects involving compliance readiness and security assessments.
- Supports the Abacode GRC Service Delivery team with conducting on-going and new assessments of controls, processes, and procedures across multiple clients and compliance standards: NIST 800-171 (CMMC), SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF and CIS
- Supports clients with maintaining compliance with such frameworks by guiding them through control execution and evidence collection and review.
- Supports compliance, policy, procedural, and technical review of client information security and/or compliance program(s), providing maturity and improvement recommendations based on experience and industry best practices.
- Performs security controls gap analysis and identification based on compliance mandates, standards, and security benchmarks.
- Documents security controls inventory of client systems within the GRC portals.
- Conducts general cybersecurity Risk Assessments
- Provides tactical guidance aimed at helping clients meet compliance requirements across applicable security standards and frameworks.
- Performs audit liaison activities, guiding and assisting clients with audit preparation, evidence identification and gathering, and responding to audit questions.
- Manages compliance requirements across multiple clients in parallel. Works with clients to identify opportunities for improvement for client’s security controls.
- Builds internal company partnerships and collaborates with team leaders to determine the company's services, delivery criteria, and solutions for issues that may arise.
- Supports evidence collection for internal Abacode/Thrive audits.
- Identifies and makes suggestions for improvements when problems and/or opportunities arise.
- Keeps up to date with developments in the cybersecurity, privacy, and GRC areas of specialization.
- Performs other duties as assigned.
- Minimum: Bachelor's Degree in related field or relevant work experience.
- 2-4 years of experience conducting and documenting security and compliance risk assessments
- Experience working in a client-facing consulting or service delivery capacity
- Experience managing multiple clients/projects in parallel.
- Experience with general project management and customer success/service is strongly desired.
- Demonstrated understanding of control frameworks and regulatory requirements for NIST 800-171, NIST-CSF, SOC-2, and ISO 27001.
- PREFERRED: Experience with: HIPAA, PCI-DSS.
- Good understanding of the Department of Defense CMMC ruling and implications for the Defense Industrial Base.
- Proven ability to assess risks and controls and identify opportunities for improvement.
- Excellent written and verbal communication skills along with excellent interpersonal skills. Able to communicate confidently in a clear, concise, and articulate manner - verbally and written in the documentation produced.
- Ability to work independently and with minimal supervision.
- Self-motivated, positive attitude, and a team player.