GRC Consultant

• Conduct comprehensive assessments of clients' current security posture and compliance status in accordance with governing regulatory standards.
• Provide expert guidance and recommendations on implementing technical, administrative, and operational controls to address regulatory security requirements effectively.
• Collaborate with clients and other members of the organization to develop tailored strategies and roadmaps for achieving and maintaining compliance with regulatory requirements.
• Consult on architectural design to ensure alignment with security best practices and regulatory requirements. 
• Provide guidance on the creation and development of key security documentation. 
• Assist in preparation and execution of regular audits and assessments to evaluate the effectiveness of implemented controls and identify areas for improvement.
• Serve as a subject matter expert on compliance activities during client engagements, providing guidance and support to key stakeholders.
• Stay informed about emerging trends, best practices, and regulatory changes related to NIST 800-171 and other relevant frameworks.
• Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
• Provide feedback to the client delivery organization to continually improve the client experience.  

• Strong verbal and written communication skills are essential for effectively communicating complex technical concepts to non-technical stakeholders. GRC consultants often need to interact with various departments within an organization, including executives, IT teams, legal, and compliance officers.
• Experience in developing, implementing, and managing compliance programs tailored to specific regulatory requirements. This includes establishing policies, procedures, and controls to ensure adherence to applicable laws and standards.
• Familiarity with IT systems, networks, and security technologies to assess technical controls and recommend security measures to protect against cyber threats. This includes understanding encryption, access controls, intrusion detection/prevention systems, etc.
• The skill to build and maintain strong relationships with clients, earning their trust and confidence through professional conduct and delivering value-added services. 
• The capacity to adjust and thrive in dynamic environments with evolving regulatory requirements, organizational changes, and emerging risks.
• Ability to analyze complex issues, evaluate multiple factors, and develop practical solutions to address compliance and risk management challenges. 
• The aptitude to pay close attention to details and ensure accuracy in compliance assessments, documentation, and reporting. 
• Ability to manage multiple projects with changing/shifting/dynamic priorities
• Demonstrated integrity, professionalism, and commitment to ethical conduct.

• Bachelor's Degree in Information Systems, Information Security, Accounting or related field or an equivalent combination of education and experience
• Working knowledge of NIST 800-171 standards. Experience in related compliance frameworks including CMMC, DFARS 7812, NIST 800-53, ISO 27001, SOC 2/TYPE2, PUB 4812, HIPAA, and PCI is a plus.
• Technology or operational risk management related experience performing risk management and analysis related activities
• Experience with risk management frameworks such as the Cybersecurity Management Framework (CSF)

• Any of the following professional certifications: CISM, GRCP, CRISC, CISSP, CMMC RP
• Security Clearance

BlueVoyant Candidate Privacy Notice

To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice