GRC Associate

GRC Associate, Tampa

Come join one of the fastest-growing Cybersecurity & Compliance firms in the U.S. At Abacode you’ll find a career, incredible teammates, and a purpose-driven culture which gives back to the communities we serve.

The Governance, Risk, and Compliance (GRC) Associate is a client-facing role that helps build, manage, and maintain cybersecurity compliance programs for clients across various industries.

Hands-on security consulting experience, policy development, and subject matter expertise with a variety of regulatory security frameworks (SOC, ISO, HIPAA, PCI, NIST, and CMMC) are required in this role to effectively assist clients in solving their individual compliance needs and to provide clear, actionable direction to continually improve their compliance maturity and overall security effectiveness.

The ideal candidate will be a Player/Coach with a record of excellence in leading client engagements and will also fill a critical consultative role in scoping, assessing, designing, and/or implementing GRC programs for a wide range of clients across the country. The consultant must demonstrate an understanding of enterprise security best practices and procedures, GRC solution design, and implementation expertise, including performing and documenting enterprise risk assessments in support of continual compliance programs and initiatives.

Core Responsibilities:

  • Manage and conduct ongoing and new assessments of controls, processes, and procedures across multiple compliance standards (SOC, ISO, HIPAA, PCI, NIST, CMMC)
  • Participate in day-to-day billable operations and client engagement activities across various client projects involving compliance readiness and assessment
  • Conduct in-depth compliance, policy, procedural, and technical reviews of client information security and/or compliance program(s), with maturity and improvement recommendations based on experience and industry best practices
  • Perform security control gap identification based on compliance mandates, standards, and benchmarks
  • Document security control architecture of client systems
  • Provide tactical and strategic guidance aimed at helping achieve compliance requirements across applicable standards
  • Perform audit liaison activities, guiding and assisting clients with audit preparation and evidence identification
  • Manage continual compliance requirements for multiple clients
  • Build internal Abacode partnerships and liaise with team leaders to determine the company’s services, delivery criteria, and solutions for issues that may arise


  • 1-3 years of experience performing and documenting security risk assessments
  • Knowledge of GRC solution architecture and design
  • Demonstrated understanding of best practice control frameworks and regulatory requirements, e.g., ISO 27001, SOC, NIST, HIPAA, PCI-DSS, CMMC, etc.
  • Broad knowledge of information technology and information security and critical data protection practices
  • Proven ability to assess risks and controls and identify opportunities for improvement
  • CISSP, CISA and/or CISM Certification highly preferred
  • Bachelor’s Degree in related field or relevant work experience
  • Excellent written and verbal communication skills along with excellent interpersonal skills
  • Self-motivated, positive attitude, and a team player
  • Ability to work independently and with minimal supervision
  • Understanding of common regulatory or standards-based control frameworks such as PCI-DSS, ISO 27001/2, NIST 800-53, etc.
