
Principal, Enterprise, Global, AI Compliance Advisory
Coalfire
full-time
Location Type: Remote
Location: United States
Salary
💰 $104,000 - $179,600 per year
About the role
- Lead a variety of GRC framework engagements (such as environment scoping, gap analysis, training workshops, policy and procedure development) for framework compliance.
- Assess the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks.
- Provide quality control and peer review to other members of the delivery staff.
- Work closely with Project Managers, Directors and other Delivery team members to effectively manage project timelines and deliverables.
- Design, implement, and automate scalable compliance solutions.
- Lead interviews with client staff, analyze documents, and develop reports for clients.
- Mentor and develop team members to help grow the team and its capabilities.
- Engage outwardly into the community through blog posts, technical white papers, forum participation and conference speaking engagements.
Requirements
- 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role.
- Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
- Proven experience with GRC automation platforms (UiPath, Vanta, Drata, Archer, OneTrust, Oracle GRC, Hyperproof, or other market competitors, etc.).
- Familiarity with GRC as a Service, MSP, and MSSP concepts to build recurring revenue models.
- A strong work ethic, thirst for knowledge, enthusiasm for tackling new challenges, and a “we, not I” mentality when it comes to teamwork and the achievement of organizational goals.
- Strong communication skills with executive presence for CIO/CTO/CISO-level discussions.
- Knowledge of the latest information risk, security and compliance innovations, trends, challenges and solutions to provide best-practice recommendations.
- Experience in leveraging security best practices and/or standards (NIST, ISO, CIS Top 20, ISSA, CSA CMM, OWASP, DMBOK, Prosci, GAO Greenbook, COBIT, AICPA/SOC TSCs) to solve problems for GRC programs.
- Strong knowledge of Centralized Common Compliance Frameworks (CCF) and multi-framework mapping.
- Experience building common compliance frameworks as well as mapping between different compliance requirements.
- Demonstrated depth of security understanding in various sub domains such as encryption, business continuity, disaster recovery, identity and access management, incident response, change management, etc.
- Hands-on experience in systems architecture and integration of compliance solutions.
- Problem solving skills that contribute to the development of consultative solutions for unique client requirements.
- Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
- Proven ability in strategic consulting and influencing executive level decision makers both internally and externally.
- Experience leading discussions on the relationship between security, risk management, compliance, and sales/marketing.
- 3+ years of experience working with ISO/IEC 27001:2022 and/or System and Organization Controls (SOC) 2.
- One or more of the following certifications: ISO/IEC 27001, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and/or ISO 22301:2019 Lead Auditor/Implementer; CISM, CISA, CIPP/US / CIPP/EU, CISSP, CRISC, CDPSE, AAIA, AAIR, AAISM, CGEIT, CCP/CCA.
Benefits
- paid parental leave
- flexible time off
- certification and training reimbursement
- digital mental health and wellbeing support membership
- comprehensive insurance options
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
IT security audit, compliance, risk management, data privacy, GRC automation, systems architecture, encryption, incident response, change management, business continuity
Soft Skills
strong work ethic, teamwork, communication skills, problem solving, strategic consulting, mentoring, executive presence, enthusiasm for learning, influencing decision makers, community engagement
Certifications
ISO/IEC 27001, ISO/IEC 27701:2019, ISO/IEC 42001:2023, ISO 22301:2019 Lead Auditor/Implementer, CISM, CISA, CIPP/US, CIPP/EU, CISSP, CRISC