Senior GRC Consultant, Tampa
Come join one of the fastest-growing Cybersecurity & Compliance firms in the U.S. At Abacode you’ll find a career, incredible teammates, and a purpose-driven culture which gives back to the communities we serve.
The Governance, Risk, and Compliance (GRC) Senior Consultant is a client-facing role that helps build, manage, and maintain cybersecurity compliance programs for clients across various industries.
Hands-on security consulting experience, policy development, and subject matter expertise with a variety of regulatory security frameworks (SOC, ISO, HIPAA, PCI, NIST, and CMMC) are required in this role to effectively assist clients in solving their individual compliance needs and to provide clear, actionable direction that continually improves their compliance maturity and overall security effectiveness.
The ideal candidate will be a Player/Coach with a record of excellence in leading client engagements, and will also fill a critical consultative role in scoping, assessing, designing, and/or implementing GRC programs for a wide range of clients across the country. The consultant must demonstrate an understanding of enterprise security best practices and procedures, GRC solution design, and implementation expertise, including performing and documenting enterprise risk assessments in support of continual compliance programs and initiatives.
- Develop, assess, architect, design, and implement GRC solutions and risk assessments across multiple compliance standards (SOC, ISO, HIPAA, PCI, NIST, CMMC)
- Lead day-to-day billable operations and client engagement activities across various client projects involving compliance readiness and assessment
- Conduct in-depth compliance, policy, procedural and technical review of client information security and/or compliance program(s) (onsite and remote) with maturity and improvement recommendations based on experience and industry best practices
- Perform security control gap identification based on compliance mandates, standards, and benchmarks
- Document security control architecture of client systems
- Provide tactical and strategic guidance aimed at helping achieve compliance requirements across applicable standards
- Perform audit liaison activities, guiding and assisting clients with audit preparation and evidence identification
- Manage continual compliance requirements for multiple clients
- Build internal Abacode partnerships and liaise with team leaders to determine the company’s services, delivery criteria, and solutions for issues that may arise
- Minimum 3-5 years’ experience delivering GRC consulting services to enterprise-level clients, or equivalent experience
- 3-5 years’ external auditing experience across multiple compliance standards
- Big Four audit experience is a plus
- 3-5 years of experience performing and documenting security risk assessments
- Experience with managing and reporting utilization / financial forecasts / results to Abacode finance department and Management
- Strong leadership and project management skills
- Knowledge of GRC solution architecture and design
- Expertise in leading GRC solutions implementation
- Demonstrated understanding of best practice control frameworks and regulatory requirements, e.g. ISO 27001, SOC, NIST, HIPAA, PCI-DSS, CMMC, etc.
- Broad knowledge of information technology, information security, and critical data protection practices
- Proven ability to assess risks and controls and identify opportunities for improvement
- CISSP, CISA, and/or CISM Certification highly preferred
- Bachelor’s Degree in related field or relevant work experience
- Excellent written and verbal communication skills along with excellent interpersonal skills
- Self-motivated, positive attitude, and a team player
- Ability to work independently and with minimal supervision
- Understanding of common regulatory or standards-based control frameworks such as PCI-DSS, ISO 27001/2, NIST 800-53, etc.
- History of awards/recognition for exceptional technical ability and value add; industry recognition