IT GRC (Governance, Risk and Compliance) Consultant

\n
• Experience in core IT Risk, Compliance, and security projects.
\n
• Strong familiarity with industry frameworks such as ISO standards, GDPR, NIST, PCI DSS.
\n
• Broad understanding of cyber security concepts and risks.
\n
• Experience in assessment of audit findings/gaps including control weaknesses in coordination with different stakeholders and assist with development of management action plans.
\n
• In depth understanding of security classification, change controls, SDLC, security controls, Application Controls, including interfaces and configurations on a variety of applications, operating systems, databases, and networks.
\n
• Project management experience in the areas of IT Risk, Compliance, and security operations. Ability to plan and manage multiple GRC and Security engagements.
\n
• Help with the planning of SOX program by setting the objective, scope, and work program of individual audits
\n
• Conduct follow-up on both open and past due actions on security control implementations on a regular basis
\n
• Understand client needs to develop project plans, resource plans, establish reporting and metrics and provide the clients and leaders with regular project updates.
\n
• Ensure that the project team is utilized appropriately and consistently with a strong focus on process/tool automations and innovations.
\n
• Excellent customer service, strong analytical thinking, problem solving, decision making, verbal and written communication skills.
\n
• Working knowledge of common audit and compliance tools. Experience with a Governance/Risk/Compliance (GRC) platform required.
\n
• Collaborate with Key Customer and relevant stakeholders to assess near and long-term GRC needs, plan staffing accordingly.
\n
• Strong people management skills. Train/Mentor project team members to ensure quality of work product is consistent throughout client engagements, and best practices are applied for every engagement.
\n
• Professional certification such as CISA, CISM, CRISC, or CISSP is desirable.
\n
• Very strong in Microsoft Word, PowerPoint, Excel, and email.
\n

Primary Skills:

\n
• Governance, Risk and Compliance (GRC)
\n
• Security Frameworks
\n
• ITGC
\n
• ISMS Implementation
\n

Secondary Skills:

\n
• CISA, CISM, CRISC, or CISSP Certifications
\n