GRC Consultant
Cyberr · United States · 6 days ago
RemoteRemoteInformation TechnologyFull-time
Responsibilities
- Lead clients through the planning, design, configuration, and transition phases of governance, risk, and compliance programs, ensuring alignment with business objectives and risk tolerance.
- Assess technical and procedural security controls to evaluate their maturity, effectiveness, and compliance against industry standards and frameworks such as ISO/IEC 27001, NIST SP 800-53, PCI DSS, COBIT, HIPAA, and NERC CIP.
- Analyze privacy practices and controls for compliance with regulations such as GDPR, FIPPA, PIPEDA, and PIPA. Recommend improvements to ensure privacy assurance and reduce regulatory risk.
- Design and develop client-specific security governance structures, policies, and processes. Build scalable and sustainable information security programs to support client growth and compliance objectives.
- Provide strategic and tactical security recommendations to help clients optimize budgets while strengthening security posture across operations, systems, and processes.
- Build trusted relationships with client stakeholders. Deliver compelling presentations, reports, and strategic roadmaps tailored to executive and technical audiences.
- Contribute to the development and refinement of Mirai’s GRC service delivery methodologies and best practices.
- Represent Mirai with integrity, professionalism, and subject-matter expertise in both client-facing engagements and the broader industry community.
Qualifications & Requirements
- 5+ years of experience in cybersecurity governance, risk, and compliance roles, preferably in a consulting or client-facing capacity.
- Proven expertise with information security standards and frameworks such as ISO/IEC 27001, NIST SP 800-53, COBIT, and PCI DSS.
- ISO/IEC 27001 Lead Auditor Certification Experience or certification in PCI DSS, CMMC, and/or FedRAMP would be an asset.
- Familiarity with industry-specific compliance challenges across various sectors.
- Strong understanding of privacy laws and regulations including GDPR, PIPEDA, and FIPPA.
- Demonstrated experience developing security policies, risk management strategies, and governance frameworks.
- Able to perform control assessments and gap analyses with actionable recommendations.
- Excellent verbal and written communication skills, including experience working with senior stakeholders.
- Strong client presence, professionalism, and stakeholder engagement skills.
- Comfortable working independently and remotely, while managing multiple client projects.
- A positive, can-do, customer-focused attitude.