GRC CMMC Consultant

About The Position

Requirements

• Bachelor's Degree in related field or relevant work experience
• 2-4 years of experience conducting and documenting security risk assessments
• Experience working in a client-facing consulting or service delivery capacityExperience managing multiple clients/projects in parallel
• Experience with general project management and customer success/service is strongly desired
• Demonstrated understanding of control frameworks and regulatory requirements for NIST 800-171, NIST-CSF, SOC-2, and ISO 27001
• Proven ability to assess risks and controls and identify opportunities for improvement.
• Excellent written and verbal communication skills along with excellent interpersonal skills. Able to communicate confidently in a clear, concise, and articulate manner - verbally and written in the documentation produced
• Broad knowledge of information technology (basic networking principles), information security (such as identity and access management), and critical data protection practices (basic principles of encryption and sensitive data protection) is highly desirable.
• Self-motivated, positive attitude, and a team player.
• Ability to work independently and with minimal supervision.

Nice To Haves

• Preferred experience with: HIPAA, PCI-DSS
• Good understanding of the Department of Defense CMMC ruling and implications for the Defense Industrial Base
• Preferred prior experience working with GRC systems/tools.
• Preferred prior experience with general IT and Security auditing.

Responsibilities

• Participates in day-to-day operations and client engagement activities across various client projects involving compliance readiness and security assessments
• Supports the Abacode GRC Service Delivery team with conducting on-going and new assessments of controls, processes, and procedures across multiple clients and compliance standards: NIST 800-171 (CMMC), SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF and CIS
• Supports clients with maintaining compliance with such frameworks by guiding them through control execution and evidence collection and review
• Supports compliance, policy, procedural, and technical review of client information security and/or compliance program(s), providing maturity and improvement recommendations based on experience and industry best practices
• Performs security controls gap analysis and identification based on compliance mandates, standards, and security benchmarks
• Documents security controls inventory of client systems within the GRC portals.
• Conducts general cybersecurity Risk Assessments
• Provides tactical guidance aimed at helping clients meet compliance requirements across applicable security standards and frameworks
• Performs audit liaison activities, guiding and assisting clients with audit preparation, evidence identification and gathering, and responding to audit questions
• Manages compliance requirements across multiple clients in parallel
• Works with clients to identify opportunities for improvement for client’s security controls
• Builds internal company partnerships and collaborates with team leaders to determine the company's services, delivery criteria, and solutions for issues that may arise
• Supports evidence collection for internal Abacode/Thrive audits
• Identifies and makes suggestions for improvements when problems and/or opportunities arise
• Keeps up to date with developments in the cybersecurity, privacy, and GRC areas of specialization