Compliance Consultant – GRC Practice
Job Description:
- Lead and execute compliance assessments across one or more regulatory and standards frameworks, including but not limited to SOC 2 Type I/II, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-DSS, and FedRAMP
- Manage multiple concurrent engagements across different clients and frameworks with minimal supervision
- Map overlapping frameworks and identify where controls satisfy multiple standards simultaneously
- Conduct qualitative and semi-quantitative risk assessments, evaluate control design effectiveness, and recommend compensating or corrective controls appropriate to client operating environments
- Draft, review, and revise information security policies, procedures, standards, and control narratives
- Support clients through external audits and certification processes, serving as the primary liaison between the client and auditors during evidence collection phases
- Contribute meaningfully to the practice's pipeline
Requirements:
- Minimum bachelor's degree in information systems, computer science, business, law, or a closely related field, or equivalent demonstrated experience
- Minimum 5 years of experience in compliance, information security, audit, or a directly related advisory function, including at least two years in a consulting or client-facing delivery role
- Demonstrated hands-on experience with at least two of the following: SOC 2, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-DSS, or FedRAMP
- At least one active professional certification — CISA, CISSP, CISM, CRISC, or CCSFP are most relevant to this role
- Strong written and verbal communication skills, including the ability to convey technical findings to non-technical audiences with clarity and precision
Benefits:
- Competitive salary
- Health insurance
- Professional development opportunities
- Flexible working arrangements