The GRC Security Consultant II will report to the Chief Executive Officer and be a part of the company’s Governance, Risk, and Compliance (GRC) Team consulting practice, working both independently and as part of a team.
Proactively assist in the management of several clients and keep company management updated with progress and issues
Establish effective working relationships directly with clients
Demonstrate and apply a thorough understanding of complex information systems
Quickly gain a working knowledge of clients’ IT/Security environments through conversations and observations
Lead assessments of client environments against industry-standard frameworks to identify each client’s current state of program maturity and applicable risks
Work with clients to identify and document their desired maturity state and risk-balanced state and develop a gap assessment and roadmap to guide the process of maturing towards their desired state
Work with clients to document their security programs through the development of appropriate policies, standards, and processes
Advise client teams at all levels, from the C-Suite to individual contributors, regarding information security governance through mediums such as presentations, reports, and visualizations
Create, develop, and mature the company’s catalog of GRC services and contribute to the improvement of all of the company’s services
Contribute to the development of best practice frameworks suitable for use during assessments and improvement planning, and integration with assessment tool sets
Contribute to the information security community, primarily focused on the areas where the company operates
Continually research and learn new technologies and techniques through a mix of self-guided and formal training
Cultivate new and existing client relationships to develop business opportunities
Ask questions, think deeply and critically, consistently learn from and teach others, regularly improve and grow
Take initiative, be on time and prepared, optimize the use of everybody’s time
Proven experience in Information Security with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack
Familiarity with common security frameworks and regulations such as SOX, HIPAA/HITECH, PCI-DSS, GDPR, NIST 800 series, FedRAMP, ITIL, ISO 27001/2, COBIT, and SOC 2
Knowledge of risk assessment techniques and risk management program documentation
Familiarity with approaches to assessing and managing third-party risk
Clear understanding of emerging information security trends, including changes in security frameworks and regulatory requirements
Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed
Ability to write clear and concise information security policies, standards, and processes
Ability to conduct an information security risk and information security maturity assessment
CISSP or equivalent training and certification
Prior consulting experience, especially with a focus on partnering with companies to improve the robustness of their security program or establish a robust security program from scratch
Ability to describe and communicate complex technical security concepts to technical and non-technical audiences
Strong written and verbal communication skills, including the ability to present at information security events and conferences, and to curate content such as writing blog posts and written reports
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
OpenArc is a technology consulting firm providing industry-leading technical talent placement, software development, and technology strategy services to clients nationwide. Through a unique blending of people and software, OpenArc has a business practice that delivers amazing enterprise, mobile and consumer-facing apps and the best talent for contract, contract-to-hire and direct placements for clients and partners alike.
Staffed with the most-trusted recruiting experts, elite software developers, UI/UX designers and market experts, our team provides clients with the best resources, the right techniques and world-class support resulting in powerful measurable success.