GRC Senior Consultant

Summary

Join Zaviant, a boutique consulting firm specializing in Data Security, Privacy, and Third-Party Risk Management, as a GRC Senior Consultant. You will be a key player in helping organizations enhance their data protection processes. Responsibilities include using risk assessment methodologies, assisting in identifying control gaps, and maintaining awareness of relevant legislation and regulations. You will collaborate with clients and team members, execute security assessments, and work with technology vendors. This role requires a Bachelor's degree, 5-8 years of experience in information systems and security, and specific certifications are preferred. Zaviant offers a competitive salary, bonuses, and comprehensive benefits.

Requirements

• Bachelor’s Degree in Information Systems, Computer Science, or a related discipline
• 5-8 years of experience focused on information systems and security audit, consulting, or an equivalent breadth of experience in information security, systems, and network technology
• Competency in the areas of IT general computer controls specifically in information security, logical access, physical security, change management, application controls, interfaces, backup and recovery, and computer operations
• Working knowledge of IT auditing and compliance practices
• Able to independently evaluate the effectiveness of security controls
• The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described

Responsibilities

• Use risk assessment methodologies to identify residual risk and control strengthening opportunities
• Assist process owners and control owners identify gaps in control design and control operating effectiveness of IT general controls and related remediation measures
• Assist in identifying the opportunities for using automated computer assisted audit techniques as necessary to reduce resource impact
• Maintain an awareness of existing and proposed security-setting groups, State and Federal legislation, and regulations pertaining to information security and identify regulatory changes that will affect information security policy, standards, procedures, controls, and recommend appropriate changes
• Help clients address security-related controls risks and issues
• Proactively interact with clients to gather information, resolve problems, and make recommendations for improvements
• Collaborate with team members at all levels in the development and marketing of the data security solution offering
• Execute security assessments and audits against various frameworks
• Work with various partners and technology vendors to develop joint solutions
• Support multiple engagements in a rapidly growing, fast-paced, interactive, results-based small team environment

Preferred Qualifications

• Security+, Certified Information Systems Auditor (CISA), Certified in Risk and Information System Controls (CRISC), Certified Information Security Professional (CISSP) certifications
• Experience leading a team of cyber security professionals
• Working knowledge of the NIST Cyber Security Framework, additionally, knowledge of PCI and Data Privacy & Protection regulations desired - GDPR, CCPA, HIPAA, SOC 1, SOC 2
• Big 4 public accounting or consulting experience
• Excellent communication and presentation skills
• Strong process documentation and reporting capabilities
• Self-motivated and self-directed
• Cross-functional solid team leader and collaborative approach to problem-solving
• General knowledge of Governance, Risk, Compliance (GRC) tool sets

Benefits

• Competitive salary and bonuses
• Medical/Dental/Vision benefits
• Excellent 401K employer match