Compliance Consultant – GRC Practice

Job Description: • Lead and execute compliance assessments across one or more regulatory and standards frameworks, including but not limited to SOC 2 Type I/II, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-DSS, and FedRAMP • Manage multiple concurrent engagements across different clients and frameworks with minimal supervision • Map overlapping frameworks and identify where controls satisfy multiple standards simultaneously • Conduct qualitative and semi-quantitative risk assessments, evaluate control design effectiveness, and recommend compensating or corrective controls appropriate to client operating environments • Draft, review, and revise information security policies, procedures, standards, and control narratives • Support clients through external audits and certification processes, serving as the primary liaison between the client and auditors during evidence collection phases • Contribute meaningfully to the practice's pipeline Requirements: • Minimum bachelor's degree in information systems, computer science, business, law, or a closely related field, or equivalent demonstrated experience • Minimum 5 years of experience in compliance, information security, audit, or a directly related advisory function, including at least two years in a consulting or client-facing delivery role • Demonstrated hands-on experience with at least two of the following: SOC 2, ISO 27001, CMMC 2.0, NIST CSF, HIPAA, PCI-DSS, or FedRAMP • At least one active professional certification — CISA, CISSP, CISM, CRISC, or CCSFP are most relevant to this role • Strong written and verbal communication skills, including the ability to convey technical findings to non-technical audiences with clarity and precision Benefits: • Competitive salary • Health insurance • Professional development opportunities • Flexible working arrangements