GRC Security Consultant

Job Title: GRC Security Consultant (Governance, Risk & Compliance)

Location: USA (Remote / Hybrid / Onsite)
Employment Type:Contract

Job Summary

We are seeking a GRC Security Consultant to lead and support governance, risk management, and compliance initiatives across the organization. The ideal candidate will ensure alignment with regulatory standards, assess security risks, and implement controls to protect organizational assets.

Key Responsibilities

• Develop, implement, and maintain GRC frameworks and policies
• Conduct risk assessments, gap analysis, and control evaluations
• Ensure compliance with standards such as ISO/IEC 27001, NIST Cybersecurity Framework, SOC 2, and HIPAA
• Manage audit processes (internal and external)
• Perform third-party/vendor risk assessments
• Develop and track risk mitigation and remediation plans
• Create and maintain security policies, procedures, and documentation
• Provide security awareness training and guidance to stakeholders
• Collaborate with IT, legal, and compliance teams

Required Skills & Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, or related field
• 4–8+ years of experience in GRC, risk management, or information security
• Strong knowledge of frameworks like ISO/IECxxxxxxxxxxxxxxxand NIST Cybersecurity Framework
• Experience with audits, compliance programs, and regulatory requirements
• Familiarity with risk assessment methodologies
• Knowledge of tools like RSA Archer, ServiceNow GRC, or MetricStream
• Strong documentation and reporting skills